Science Forums 2

[alexander]

space is actually a better random character then an exclamation mark...

Donk, in my current life i deal with key loggers, both software and hardware, thing is, if someone installed a key logger on your computer to "get your passwords" you are already screwed... they both got in and installed it so your security was compromized already, at that point you dont even have to run a key logger to get your passwords, because there are many ways to get the data, regardless of whether you typed it or pasted it (its as easy to log the copy actions as it is to log key presses).

Now hardware loggers are a little different, in that if you copy and paste your passwords they will not catch those passwords, but you cant copy and paste your login password, thus you are still (as they say in leet speak) pwned, as software loggers can be installed afterwards with your login password.

Biometric authentication is still bad, as its easy to lift a finger print, and use it to get in (most of those devices are easy to fool).

Centrally managed changing keys are probably one of the only, still not fool proof, ways to manage security. But honestly you can be paranoid as you can be with password security in your organization, bottom line is that there is still a "Human Factor" in the equation, which means that exploiting that factor is most of the time, the easiest route to take to gain access. I've talked to many guys who do penetration testing, and i just have to say, you'd be surprised how far a fake badge and a printed design on a shirt, or a cell phone that rings at just the right time, or a telephone butt set set can take you, or a dozen cheap flash drives, or carefully labeled cds can take you... and ofcourse nothing beats the phone call from your new IT guy