Suppose you want to use an Internet cafe to login to your personal account on a bank web site, but you suspect that the computers in this cafe are infected with software keyloggers. Assuming that you can have both a web browser window and a text editing window open at the same time, describe a scheme that allows you to type in your userID and password so that a keylogger, used in isolation of any

screen captures or mouse event captures, would not be able to discover your userID and password.

What will be an ideal response?

---

Open both the web browser, pointing to your bank's login page, and a text
editing window, open to a new un-named file. To enter your userID and password, use your
mouse to toggle input between the text editor and the web browser. When you are in the
browser window type a single character of your userID or password and then click back to
the text editor window. When you are in the text editor window, type a reasonably-long
sequence of random characters. By toggling back and forth between these two windows you
will end up typing in your userID and password, but a keylogger will only see a sequence
of random characters with the characters of your userID and password intermixed in such
a way as to be hard to detect. In fact, you could cycle through all the characters on the
keyboard for each character in your userID and password, clicking to the browser just for
the appropriate character needed in each cycle and then immediately clicking back to the
text editor. In this case, a key logger would only see a repeated series of sequences of all
the characters on the keyboard.