- What is a keystroke logger?
- Keystroke logging software, aka keylogger, is a form of software that's been around for a long time and can be traced to typewriters
- A keylogger runs quietly in the background and captures a user's keystrokes to be sent to a third party
- The third party can be a criminal, a support technician or law enforcement
- A keylogger can capture any and all information that a user enters from the keyboard, which makes it very dangerous
- Methods other than malware exist for keylogging, including hardware-based approaches and acoustic analysis
- While most anti-malware software will provide some protection against keyloggers, keyloggers can also be used legitimately
- There are specific anti-keystroke-logging tools; check this list: https://www.topattack.com/list/best-anti-keylogger-software-review/86
- Microsoft: "Expect a bumpy ride" in 2019:
- Microsoft president Brad Smith said a "bumpy ride" may be in store for the tech sector in 2019. Smith is also Microsoft's chief legal counsel
- Some of the concerns he raised include:
- Artificial Intelligence (AI) could be added to the Department of Commerce's controlled exports schedule due to national security implications
- Possible new regulations on tech companies, especially around privacy and "fake" news
- Election meddling and election security
- Regulation on biometrics and facial recognition
- Trade war with China
- 2018's worst passwords list is little changed from 2017
- SplashData's 2018 worst password list was recently released. They claim to have evaluated more than five million leaked passwords.
- "123456" maintained its spot at the top of the list despite years of warnings about password security and strong passwords
- Sadly, "password" was number 2 on the list, again
- Simple passwords such as those above can be cracked in fractions of microseconds
- It would be great if websites and applications would simply stop allowing these bad passwords
- Until then, you need to use a "strong" password, and the guidance on that has changed
- Bill Burr authored a publication that was released by the National Institute of Standards and Technology (NIST Special Publication 800-63, Appendix A) that contained the original "strong" password advice
- Burr recently told the Wall Street Journal (WSJ) that the 2003 paper was based on a paper written in the 1980s rather than real-world password data
- Burr told the WSJ his previous advice of using special characters, mixed-case letters and numbers is not effective in stopping hackers because the combinations chosen by most people are highly predictable
- Burr also previously suggested that passwords be changed a minimum of every three months
- The UK's National Cyber Security Centre has said that forcing users to change their passwords at regular intervals "imposes burdens on the user and carries no real benefits".
- The new advice is that users should only change their password if there is evidence that it has been compromised, but users should still use a unique password on each site/platform
- Also, rather than a series of letters, numbers and symbols such as I10v355KRC!, users should use a long, easy-to-remember phrase with 3 or more words, for example, 55KRCIsTh3B3stTVStation3v3r
- Security experts have determined that a password like Tr0ub4dor&3 could be cracked in as little as 3 days, while a password like “correct horse battery staple” written as one word would take 550 years
- You can consider using a password manager app that will generate very strong passwords and store them in an encrypted database
- Password manager apps:
- If you're going to use one, you MUST VET IT!
- Some of the most popular are:
- LastPass
- Keeper
- RoboForm
- For more choices and detail, visit:
- https://www.pcmag.com/article2/0,2817,2407168,00.asp
- https://www.cnet.com/news/the-best-password-managers-directory/
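
An added example, not part of the original notes: one way a website could stop allowing the bad passwords discussed above, checking length and a blocklist instead of character-mix rules, and undoing the predictable substitutions before the lookup. The function names, the 12-character minimum and the substitution table are assumptions; the two-entry blocklist is a constructed sample built from the passwords named above.

```python
import re

# Constructed sample: the two entries named in the notes. A real
# deployment would load a full list of leaked passwords instead.
BLOCKLIST = {"123456", "password"}
MIN_LENGTH = 12  # assumption: site policy; the notes give no number

# Predictable character swaps, undone before the blocklist lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def variants(candidate):
    """Forms of the candidate to look up in the blocklist."""
    folded = candidate.casefold()
    # Drop a trailing run of digits/symbols ("Password2018!" -> "password").
    stem = re.sub(r"[\W\d_]+$", "", folded)
    forms = {folded, stem, folded.translate(LEET), stem.translate(LEET)}
    forms.discard("")
    return forms


def screen_password(candidate, blocklist=BLOCKLIST, min_length=MIN_LENGTH):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = []
    if len(candidate) < min_length:
        reasons.append("too short")
    if variants(candidate) & blocklist:
        reasons.append("matches a known bad password")
    return reasons


if __name__ == "__main__":
    for pw in ("123456", "P@ssw0rd2018!", "Tr0ub4dor&3",
               "55KRCIsTh3B3stTVStation3v3r"):
        print(pw, "->", screen_password(pw) or "accepted")
```

The check has no rule requiring symbols or mixed case and no expiry timer, matching the newer guidance; a decorated form of a listed password is still refused because it reduces to the listed word.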