As I wrote in a blog posting last week, I had to log on a few times during my vacation. Part of that Internet use involved checking my Gmail account--and anytime you're logging on from a strange computer, you have to worry if the computer isn't logging any passwords.
It's not that Web-cafe operators are out to steal their customers' identities. But you can't assume that they're all adept at securing their machines from other people's malware.
One way to be sure no evil software is afoot is to run only your own, by booting the machine off a Linux CD. But many Internet cafes don't allow that. You may not even able to plug in a USB key to run your own Web browser (and, say, avoid having to puzzle your way through a Chinese-language version of Internet Explorer).
What I did instead was to try out a technique I learned about from a post at the Lifehacker blog last year: Type a character or two of a password, then click elsewhere in the browser and type a random character or two before clicking back in the password field to type the next character, repeating this exercise until the entire password has been entered. (That post, in turn, linked back to a two-page paper [PDF] by two Microsoft researchers.)
This way, any program recording each tap of the keyboard would see a lengthy string of real and junk characters unless it also tracked cursor position and focus. But why would the hypothetical criminal bother going to that effort when enough other people will type in passwords without obscuring them?
Put it this way: You don't need a great car alarm if you avoid leaving valuables visible in your car while other vehicles on the same block have cell phones and iPods left on back seats.
(Just to be sure, though, I changed the Gmail password when I got home.)
Got any other suggestions on how to log on securely far from home? Please share in the comments!
Kaydol:
Kayıt Yorumları (Atom)
Hiç yorum yok:
Yorum Gönder