sorry, not buying it. If the keylogger is smart enough to get past any security you have and log keys, it is probably smart enough to scrape your clipboard upon seeing a ctrl+c or ctrl+v.

Then just use the automatic entry for the application. The keylogger would have to scrape every time it saw a right-click then (and actually I think with that option, the password never goes into the clipboard).

Are there ways around this precaution? Certainly- pretty much every preventative has its' counter. Will it counter a lot of the canned scripts people deploy? Yes. A lot of "hackers" are just average people using canned software- and most of the time your system is compromised by making a stupid mistake that you ordinarily wouldn't make.

Take my advice or leave it, I guess. Using a password wallet makes it very easy to have an extremely secure password, and WILL outsmart most keyloggers. That is why they exist.

Keyloggers directly attack the WoW executable. While I can't find a definitive article to state that, think of this: Tons of people use the "remember account name" option. If the keylogger was strictly logging keystrokes and someone had that turned on, all they would get is a useless password.

Copy/pasting does not work.

@10

My understanding is that most keyloggers get around that by deleting the contents of your wtf folder, forcing you to re-enter your account name.

However, if we are now talking about how to protect against a compromised client binary- I would suggest zonealarm or black ice defender- either of which perform checksums on your binary and warn you if it has changed.

Here is a link where pretty much every pro and attempts to identify cons for wallets are reviewed.
http://forums.worldofwarcraft.com/thread.html?topicId=3881821845&postId=38813079512&sid=1#35
Summary: There are a few pros, no cons, and it is not a solution that guarantees complete security (there never is).

I would suggest using the "Autotype" feature to bypass worries about clipboard security.

I guess I set myself up for flames by asserting that this is a good way to protect even a compromised system. However- I still maintain that it is. CERTAINLY it is much better than no protection, which is the alternative that seems to be presented by people responding to my OP.

So let me amend my suggestion with all the criticisms. Use zonealarm to ensure your binary integrity. Use password-safe with autotype to enter your account information. This will not be absolute protection, but it will be a DAMN SIGHT better than none. It WILL protect you against keyloggers that scrape your keyboard, and compromised wow binaries.

I discovered that program while taking a Cryptography course. I use it for all my junk passwords for random websites. More important passwords are only in my head.