cyaif

A similar idea, which does not use any "unresponsive" areas. It abuses the fact that if a portion of text is selected, the next key replaces the selected text. So your script could get the current font width first. And use "mouse selects", e.g. win.mouse("leftdown move -30 0 leftup") in PP-terminology, to replace the dummy chars with real ones. Say your password is "secret". - begin with typing "asdfg" - select these 5 chars with mouse and type "s" which replaces those - now type "werteiop" - select 8 chars with the mouse - and type "e" again replacing the dummies and so on As before, a transparent window could help against screen-capturing malware and you could mangle the order of characters. However, IMHO using completely random characters as dummies every time should be avoided because common characters in every session could be found out in the keylogger's logs, which simplifies a succesful brute-force attack. Cü from PP-Community

I have come across the following idea on the 'Net. With this method you cannot bypass keyloggers completely, however, you can *REALLY* confuse them. It works with almost any application, but I'll explain it using Keepass as an example. It goes like this (more info @ http://cups.cs.cmu.edu/soups/2006/posters/..._abstract.pdf): You activate your target window. Now you find any area on that window, which is unresponsive to keystrokes. For Keepass it is the keyfile combobox (so you have to use a keyfile, but you should do it anyway , i.e. if you click the combo box and press a key, Keepass discards that key. While the combo box is still open (or closed, doesn't matter, it should simply must have the focus), just press a random number of keys in that box. Now, you click the password box and type a character of your password. Then you click the combobox again and press some more random keys. And you repeat the process for each character of your password. The more characters you use, the better. You could use literally hundreds of chars. For even more confusion, I've added a few things of my own: - I'm making the password dialog completely transparent, since some keyloggers make screenshots after each mouseclick and so they could analyze the number of chars in your password - your script can click in the password box in varying order, i.e. begin with the a char from the middle of your pass, then on next turn, your script clicks at the very beginning and types the preceding character, then on next it clicks far right in the password box and types the succeeding character (to the very first char), and so on. I think the idea should be pretty clear and it's well suited to be automated for very sensitive passwords. Though I'm well aware of Autoit since long, I'm not an Autoit user (I'm using a rival tool, PowerPro; pls be nice to me . I've already written some scripts to automate this with PowerPro, but I thought we all could benefit from the idea and you could expand Keeform to use this technique as well. You would need screen positions of password boxes and unresponsive areas, which I'm sure Autoit could find out by using a shortcut key before the operation begins. For more techniques against keyloggers, see: http://en.wikipedia.org/wiki/Keylogger#Keylogger_prevention Hope this helps and any suggestions/improvements are most welcome. Cü from PP-Community