How does a keylogger work?
The supposedly big hurdle for hackers when accessing accounts such as Email, Facebook, online banking and so on is the password. However, the password for digital burglars seems to be no big deal anymore. Passwords can be spied out via so-called keyloggers. A keylogger is a software that records the keystrokes and thus the string of the password.
The keylogging software is installed on the PC that the attacker wants to spy on. Frequently, keyloggers are also manually installed by people from the inner circle of the victim with the intent of a secret surveillance.
The Keystrokes can be sent to the hacker online for example via Email. When the sent protocol is evaluated, sensitive data and passwords from platforms, banking software or e-mail accounts get into the hacker’s hands.
Keylogger – what is forbidden?
The software itself is not prohibited. A user can easily download a keylogger program. However, you come in conflict with the law when the software is installed on the computer without the knowledge and consent of the PC user to perform a covert spying.
A very popular keylogger program is the the software called “Wolfeye Keylogger”. In addition to recording keystrokes, the program has functions to record the screen of the PC user.
The illegal application is not a problem for data thieves. Therefore, on the official website of the Wolfeye Keylogger, the manufacturer expressly points out that the use on other computers without the consent of the owner is prohibited: www.wolfeye.us
Protection against keyloggers:
But how can a user protect himself from a keylogging program on the computer? As so often recommended, the use of a current antivirus tool is a must. Unfortunately, hackers also find backdoors here and manage to install the keylogging software on the computer despite virus scanners. The program code for the spy software may creep in unnoticed. The aforementioned Wolfeye Keylogger for example can be declared as an exception in the settings of the antivirus software and consequently no warning message is given during installation.
Password managers provide more security
Remedy could be a password manager. When using a suitable password manager, it is no longer necessary for the user to enter the password via the keyboard. The software recognizes which program or internet portal is being called up and automatically fills in the user name together with the password in the login window. This process cannot be detected by a keylogger.
Even if a password manager provides a little more security, the user should always create different passwords, so that in case of theft the hacker does not get to all accounts. In addition, a firewall can detect suspicious processes in the background that are displayed to the user.
Absolutely guaranteed security does not exist, even if very complex passwords are used together with a password manager. A procedure that is supposed to provide further security has proved its worth: the so-called two-factor authentication.
The two-factor authentication:
In this technique, the password (the 1st factor) is combined with a numerical code (the 2nd factor). The second factor, the code, is sent via SMS to the user’s mobile phone, for example. In order to perform a successful login, the first hurdle is to enter the complex password and the second hurdle, a code via SMS. This produces a very high level of security. Unfortunately, this methodology could not really prevail among the users. CMS such as WordPress, Drupal or Typo3 provide webmasters with plugins and modules to install two-factor authentication on the website.
Software producers strive to protect access with biometric data. Known among other things is the fingerprint with which a smartphone can be unlocked. Also on the face recognition is filed. Windows 10 already provides authentication of the face via the webcam with the software “Hello”.
Users can be more secure when using their computer by:
- complex passwords
- Use of a password manager
- Installing anti-virus software
- Run a firewall
- Use of two-factor authentication