3-17-2008 @ 1:35PM
Every time I see these articles, people don't recommend a password wallet, and it is frustrating because it is an EXTREMELY effective counter to keyloggers, because you will not transmit important information, even if you have a keylogger on your system.

http://passwordsafe.sourceforge.net/

Check it out, then use it. It's a very easy to use application, and all a keylogger will ever see is ctrl+v for your password. Running Firefox with NoScript enabled is always a good idea, but it is best to just plan on your system being compromised at some point, and thinking of ways to reduce the impact.
3-17-2008 @ 1:40PM
Sorry, not buying it. If the keylogger is smart enough to get past any security you have and log keys, it is probably smart enough to scrape your clipboard upon seeing a ctrl+c or ctrl+v.
3-17-2008 @ 1:50PM
Then just use the automatic entry for the application. The keylogger would have to scrape every time it saw a right-click then (and actually I think with that option, the password never goes into the clipboard).

Are there ways around this precaution? Certainly, pretty much every preventative has its counter. Will it counter a lot of the canned scripts people deploy? Yes. A lot of "hackers" are just average people using canned software, and most of the time your system is compromised by making a stupid mistake that you ordinarily wouldn't make.

Take my advice or leave it, I guess. Using a password wallet makes it very easy to have an extremely secure password, and WILL outsmart most keyloggers. That is why they exist.
3-17-2008 @ 1:53PM
Keyloggers directly attack the WoW executable. While I can't find a definitive article to state that, think of this: Tons of people use the "remember account name" option. If the keylogger was strictly logging keystrokes and someone had that turned on, all they would get is a useless password.

Copy/pasting does not work.
3-17-2008 @ 2:36PM
@10

My understanding is that most keyloggers get around that by deleting the contents of your wtf folder, forcing you to re-enter your account name.

However, if we are now talking about how to protect against a compromised client binary, I would suggest ZoneAlarm or BlackICE Defender, either of which performs checksums on your binary and warns you if it has changed.

Here is a link where pretty much every pro and attempts to identify cons for wallets are reviewed.

http://forums.worldofwarcraft.com/thread.html?topicId=3881821845&postId=38813079512&sid=1#35

Summary: There are a few pros, no cons, and it is not a solution that guarantees complete security (there never is).

I would suggest using the "Autotype" feature to bypass worries about clipboard security.

I guess I set myself up for flames by asserting that this is a good way to protect even a compromised system. However, I still maintain that it is. CERTAINLY it is much better than no protection, which is the alternative that seems to be presented by people responding to my OP.

So let me amend my suggestion with all the criticisms. Use ZoneAlarm to ensure your binary integrity. Use password-safe with autotype to enter your account information. This will not be absolute protection, but it will be a DAMN SIGHT better than none. It WILL protect you against keyloggers that scrape your keyboard, and compromised WoW binaries.
3-17-2008 @ 9:03PM
I discovered that program while taking a Cryptography course. I use it for all my junk passwords for random websites. More important passwords are only in my head.