KeyStroke logs: Are strong passwords enough?

Abstract

As hackers develop sophisticated phishing and social engineering attacks, it is recommended that users be aware of common tactics and implement stronger and unique passwords for sensitive accounts. Malware typically involved in cyber-attacks includes viruses and worms. Keyloggers are designed to track and capture keystrokes made on devices. They are not given the same priority as the other types of malware, but are also considered malicious as it poses the same level of risk. Having a strong password in this instance does not provide a high level of protection as keyloggers will log each key typed. This paper will discuss the characteristics of keylogging software while providing a summary on methods of protection. Three keylogging software are tested against two anti-keylogging programs to identify what information is captured and which method of protection is stronger. A discussion on risk assessment with regards to keyloggers and remediation techniques is also included.