Sansaii (sansaii) wrote in suggestions,
Sansaii
sansaii
suggestions

Virtual Keyboard

Title
Virtual Keyboard

Short, concise description of the idea
Provide an in-site click-based virtual keyboard as an alternative to type in a user's username and password for increased security.

Full description of the idea

To demonstrate an example, the United States Federal Aid for higher education website has this feature:

https://fafsa.ed.gov/FOTWWebApp/fotw1011/FFOTWServlet?locale=en_US&cycle=1011&donothing=#

Click on the keyboard to the right of the boxes where the information should be entered.

As you can see, this opens a Javascript-based virtual keyboard which allows the user to type in the sensitive information by clicking on the numbers, rather than typing them on the desktop keyboard.

(They've disabled the alphabet, since the information they require is number-based, but judging by the code source, it doesn't look difficult at all to allow for this information to exist)

An ordered list of benefits
  • Greater Security, prevention of keystroke-logging form of phishing.
  • There are programs out there which contain the ability to log keystroke information from one person's keyboard, sending it to the hacker's e-mail address.
  • In other words, if such a malicious program infects the users computer, everything that is typed is available as information to the owner of the program.
  • With a Javascript click option, this type of information is not transmitted through keylogging programs, so passwords and usernames are more safe.
An ordered list of problems/issues involved
  • I don't see the option to enter certain special characters, but I'm wondering if that could be implemented in the code.
  • Even so, allowing for even partial virtual keyboard would allow for greater security than none at all.
  • For instance, if your password was:
  • aBc~123
  • You could virtually type "aBc", manually type "~", and virtually type "123". Meaning if a keylogging program was in place on your computer, the only bit of information that would be transmitted, would be the "~". This would still keep the rest of your password's identity hidden.
Tags: login, security, § no status
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 9 comments