Key and mouse loggers are devices that do just that – log the keys a user presses, or the xy position of a mouse. This can also capture passwords, or options selected from web pages with the mouse if used instead of passwords.

So, here is a neat idea – scramble the buttons you need to input for each session.

From Bruce Schneier’s Website

If you own the box, you have mouse clicks, yes, but are you recording them? And are you also recording information about what’s being written to the display?Here’s something encouraging: my bank, Shinsei (www.shinseibank.com), requires an account number, card PIN and password for authentication to their on-line banking. They offer the option (in fact, it used to be the only option) of using the “secure input keypad” when entering your PIN. This pops up a new window with buttons from zero to nine that you click with the mouse. Even better, the buttons are placed randomly every time.

I was pretty surprised to see this coming from a bank, though they are well known for having very good IT guys.

Posted by: Curt Sampson at April 4, 2005 08:35 PM