Keystroke logging, also known as keylogging, is the practice of recording the data entered by a computer user during the use of a computer’s keyboard. This can be done through software or hardware and can be part of a malicious computer program or part of a legitimate security system. Keystroke logging is often considered an invasion of privacy and can be most devastating when used to gain important private information, such as account numbers and passwords for bank accounts, credit card information, and even online computer game accounts and passwords. There are several steps that can be taken to help protect a computer and user from keystroke logging, and as with most computer security issues, being cautious and using computer security software are the best ways of preventing problems.
Certain hardware devices can be used as keystroke loggers. These devices are plugged in between the cord of a keyboard and the input on a computer tower and are similar in size and appearance to a keyboard adapter plug. Keystroke logging hardware can be especially troublesome because the information is logged by the device before it ever actually reaches the computer, so computer security software is useless against these types of devices. Fortunately, these devices can typically be seen by casual inspection of a computer and should be watched for whenever a person is using a public computer.
A keystroke logging program can be software-based, and this is typically part of an extensive computer security system or part of a piece of malicious software (malware). Some people use security software on their computers to ensure that children cannot access certain websites or spend money online, or to ensure that employees are not wasting time online while at work. Some of these programs can include keystroke logging as a feature, typically intended to track the activities of unsupervised minors and employees using the computer.
Some keystroke logging, however, is performed by malicious programs such as Trojan horses or other types of malware. These programs are typically intended to log the keystrokes of a computer user as he or she enters account numbers, passwords, and other sensitive information. The data can then be remote accessed or sent to a specific email address or Internet protocol (IP) address that is owned by the malware designer. This data can then be used to access the accounts and can even be used to change passwords and keep the legitimate user from accessing his or her information.
Though some computer security programs can detect these types of malicious keystroke loggers, no single program is always a perfect defense against such practices. Much like avoiding any other piece of malware, caution should be taken by computer users whenever opening mail from someone they do not know, or following suspicious links in email and on Internet websites. Using antivirus and antimalware programs, and keeping them constantly updated, is also a great way to better detect programs such as keystroke logging malware and remove them before private information is compromised.