crezz

Level 5
Verified
My question is whether using a password manager would prevent a keylogger from stealing passwords.

I thought that as a password manager pastes the passwords directly into your browser then it wouldn't give much chance for a keylogger to record keystrokes or copy things from the system memory.

Any thoughts about this ?

Thanks.
 
  • Like
Reactions: SHvFl and shmu26

Atlas147

Level 30
Content Creator
Verified
My question is whether using a password manager would prevent a keylogger from stealing passwords.

I thought that as a password manager pastes the passwords directly into your browser then it wouldn't give much chance for a keylogger to record keystrokes or copy things from the system memory.

Any thoughts about this ?

Thanks.
The idea is there, but if the keylogger is able to steal clipboard information then it would render your method useless too
 
  • Like
Reactions: SHvFl
5

509322

My question is whether using a password manager would prevent a keylogger from stealing passwords.

I thought that as a password manager pastes the passwords directly into your browser then it wouldn't give much chance for a keylogger to record keystrokes or copy things from the system memory.

Any thoughts about this ?

Thanks.
When dealing with a pure keylogger, it cannot log what isn't typed. Password managers fill forms so there is no keystrokes. No typing is part of the rationale for virtual keyboards of various types. The answer is yes against a pure keylogger.
 

shmu26

Level 76
Content Creator
Trusted
Verified
See my answer immediately above.
Problem is with financial sites, where careful users have their password manager set up to prompt for master password. So I guess we are back in the hands of the keyloggers, at that point.
 
  • Like
Reactions: SHvFl

SHvFl

Level 35
Content Creator
Trusted
Verified
Problem is with financial sites, where careful users have their password manager set up to prompt for master password. So I guess we are back in the hands of the keyloggers, at that point.
2 step authentication and who cares if they steal your master password. I can pm you my password but it has no use to you because you would need to step my authenticator first in order to get in. So the scenario that they get your master password is still not as scary as them getting your passwords. It has almost 0 downside especially considering that you will get an alert and change your password if you have an ounce of brain.
 
  • Like
Reactions: frogboy and shmu26
5

509322

Problem is with financial sites, where careful users have their password manager set up to prompt for master password. So I guess we are back in the hands of the keyloggers, at that point.
It requires both user understanding and fastidious\meticulous adherence to the steps required to avoid a leakage. It's better to just use an anti-logger; less opportunity for a user mis-step that results in a leak. And better yet is if you block by default. Solves that keylogging issue real fast.
 
  • Like
Reactions: SHvFl and shmu26

shmu26

Level 76
Content Creator
Trusted
Verified
2 step authentication and who cares if they steal your master password. I can pm you my password but it has no use to you because you would need to step my authenticator first in order to get in. So the scenario that they get your master password is still not as scary as them getting your passwords. It has almost 0 downside especially considering that you will get an alert and change your password if you have an ounce of brain.
Practically speaking, 2 step authentication usually requires that you have a device in your pocket that can receive text messages, and that you have decent cellular reception.
Does Kaspersky Internet Security have a built in keylogger ?
It has a keystroke encryptor. It self-activates when you fill in login details on a website, as long as you have the Kaspersky browser extension installed and enabled.

But it is not clear to me whether it encrypts when entering the master password in LastPass.
 
  • Like
Reactions: SHvFl

SHvFl

Level 35
Content Creator
Trusted
Verified
Practically speaking, 2 step authentication usually requires that you have a device in your pocket that can receive text messages, and that you have decent cellular reception.
No it doesn't. Most of this authenticators work with an application and not sms(both google and lastpass that can be used). So as long as you periodically have signal or internet for the time to be accurate you are game on.
 
  • Like
Reactions: shmu26