Secure way to log in to a website on someone else's computer
Suppose I am in a situation that I am forced to log in to my account using someone else's computer. Is there any secure way to do that so that I would be sure that my login details (i.e. password) are not recorded by any means (e.g. keystroke logging)? Or if it is impossible, what are the ways to at least mitigate the risks?
Although related, but note that this is a bit different from this question since I am not using my own computer to log in.
authentication
|
show 6 more comments
Suppose I am in a situation that I am forced to log in to my account using someone else's computer. Is there any secure way to do that so that I would be sure that my login details (i.e. password) are not recorded by any means (e.g. keystroke logging)? Or if it is impossible, what are the ways to at least mitigate the risks?
Although related, but note that this is a bit different from this question since I am not using my own computer to log in.
authentication
9
Can you create a virtual machine on their box?
– DarkMatter
Nov 29 at 16:46
5
@DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
– today
Nov 29 at 16:50
5
it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
– DarkMatter
Nov 29 at 17:25
39
A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
– reed
Nov 29 at 18:17
3
Remember: Once you've lost physical control of the device, all bets are off.
– Marc.2377
Dec 1 at 4:12
|
show 6 more comments
Suppose I am in a situation that I am forced to log in to my account using someone else's computer. Is there any secure way to do that so that I would be sure that my login details (i.e. password) are not recorded by any means (e.g. keystroke logging)? Or if it is impossible, what are the ways to at least mitigate the risks?
Although related, but note that this is a bit different from this question since I am not using my own computer to log in.
authentication
Suppose I am in a situation that I am forced to log in to my account using someone else's computer. Is there any secure way to do that so that I would be sure that my login details (i.e. password) are not recorded by any means (e.g. keystroke logging)? Or if it is impossible, what are the ways to at least mitigate the risks?
Although related, but note that this is a bit different from this question since I am not using my own computer to log in.
authentication
authentication
edited Dec 2 at 14:14
Boann
1815
1815
asked Nov 29 at 16:44
today
639247
639247
9
Can you create a virtual machine on their box?
– DarkMatter
Nov 29 at 16:46
5
@DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
– today
Nov 29 at 16:50
5
it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
– DarkMatter
Nov 29 at 17:25
39
A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
– reed
Nov 29 at 18:17
3
Remember: Once you've lost physical control of the device, all bets are off.
– Marc.2377
Dec 1 at 4:12
|
show 6 more comments
9
Can you create a virtual machine on their box?
– DarkMatter
Nov 29 at 16:46
5
@DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
– today
Nov 29 at 16:50
5
it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
– DarkMatter
Nov 29 at 17:25
39
A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
– reed
Nov 29 at 18:17
3
Remember: Once you've lost physical control of the device, all bets are off.
– Marc.2377
Dec 1 at 4:12
9
9
Can you create a virtual machine on their box?
– DarkMatter
Nov 29 at 16:46
Can you create a virtual machine on their box?
– DarkMatter
Nov 29 at 16:46
5
5
@DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
– today
Nov 29 at 16:50
@DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
– today
Nov 29 at 16:50
5
5
it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
– DarkMatter
Nov 29 at 17:25
it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
– DarkMatter
Nov 29 at 17:25
39
39
A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
– reed
Nov 29 at 18:17
A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
– reed
Nov 29 at 18:17
3
3
Remember: Once you've lost physical control of the device, all bets are off.
– Marc.2377
Dec 1 at 4:12
Remember: Once you've lost physical control of the device, all bets are off.
– Marc.2377
Dec 1 at 4:12
|
show 6 more comments
13 Answers
13
active
oldest
votes
This is an interesting question!
The rule of thumb is that if someone else has control of the device (and they're determined enough), they will always be able to monitor and modify all of your actions on the device.
We can (to a somewhat limited extent) get around this though! Two-factor authentication can be used to ensure that even if someone has your password, they cannot get into your account without also having access to a separate device (owned and controlled by you).
Keep in mind that once you log in, the computer ultimately has control over your interaction with the website, and as a result it could trivially see everything you do on the site and, less trivially, modify your requests to the site (including not logging you out properly when you're done, and potentially changing your login details to lock you out of your own account).
This all depends on how worried you are about being attacked - if you're just logging into Facebook on a friends computer, you can probably trust that when you hit "Log Out", it actually logs you out. If you're logging into something really important, however, you may want to stick to devices you control.
Additionally, consider the following, via user TemporalWolf
Some websites allow for the generation of single-use one time passwords which sidesteps any sort of password logging... as you mentioned, this doesn't stop them from mucking with the now authenticated session.
5
"you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
– Qwertie
Nov 30 at 5:07
21
Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
– forest
Nov 30 at 7:25
5
The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
– Chris Cirefice
Nov 30 at 17:07
9
"If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
– Steve Jessop
Dec 1 at 22:53
2
@ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
– Damon
Dec 4 at 8:36
|
show 7 more comments
In my practice, when I need extra security, I usually change the password on my phone (or another trusted device), then log in on the untrusted computer and after everything is done, change my password back (if possible).
This relies on the fact that changing password logs you out everywhere, for most websites. It's rather practical.
Alternatively, some websites offer a "session control" where you can force detach / terminate sessions if you want.
Besides what I said above, I also have a 128 GiB portable SSD with me, formatted to GPT and has 3 partitions: the EFI System Partition, an Ubuntu, and a Windows To Go.
While software security wasn't my concern while creating this portable SSD, it is undoubtedly a good gadget to have for the purpose. Theoretically and practically, running operating systems on such self-made pieces of storage provides a fully trusted software environment, and can 100% eliminate any software thread on the foreign machine.
As others have answered, such gadgets usually aren't effective against hardware-based intrusion, for example a key logger (unless some stupid ones require drivers to work, then you can LOL). For those things, you have better check them by looking at the hardware ports. If there's anything malicious inside the crate, then you're out of luck.
But again, it's an interpersonal question. If you're logging in on your trusted friend's computer, and the friend isn't a techie, you probably need no more actions than launching the browser in incognito or InPrivate (Internet Explorer) mode.
That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
– a25bedc5-3d09-41b8-82fb-ea6c353d75ae
Nov 30 at 13:06
7
Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
– martinstoeckli
Dec 3 at 12:38
@martinstoeckli Yep, but that's the opposite of this question.
– iBug
Dec 3 at 13:59
I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
– cybernard
Dec 3 at 14:54
1
@MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
– iBug
Dec 4 at 15:16
|
show 4 more comments
If you encounter this situation regularly, try the following:
Create a Tails live USB stick. Tails is a Linux operating system designed to run off a USB, which can be booted on most computers. Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot.
Use the on-screen keyboard. You should cover this with your hand as you type, to prevent anyone from observing. This defends against hardware based key-loggers. Note that you don't need to worry about screen-recording software, because you are running Tails, which means that you have full control over all software running on the system.
Edit:
As @Xen2050 mentioned in the comments, you can also achieve this with other operating systems which may be more user friendly. For instance, here are instructions for creating a live Ubuntu Linux USB on Windows, Mac or Ubuntu. And here are the instructions for accessing the on-screen keyboard on Ubuntu.
Potential weaknesses of this method:
This method is vulnerable to the following:
- Hardware based screen recording. It is possible to insert a device between the computer and the screen which will record everything sent to the screen. For example, this one. To protect against this, inspect the cable, and make sure there are no devices between the computer and the screen. Note however, that it is possible to install internal screen recording devices which would be much more difficult to detect. If you suspect this, then you may be able to circumvent them by unplugging the screen from the back of the computer, and reconnecting it to a different port.
- Malicious firmware, BIOS, rootkit, etc. This is probably the most difficult vulnerability to defend against. If you suspect that the computer you are using has malicious firmware, don't use it! Find another way to login to the website, or don't login to it.
3
For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
– Xen2050
Nov 30 at 11:41
5
"Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
– Bergi
Dec 2 at 13:55
1
@Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
– daviewales
Dec 2 at 21:16
2
"Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
– Acccumulation
Dec 3 at 23:38
1
I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
– Acccumulation
Dec 5 at 21:18
|
show 10 more comments
Use SQRL
If a website supports SQRL (https://www.grc.com/sqrl/sqrl.htm) then you have the option of having it display a QR code in the computer's browser that you let the SQRL app in your cell phone read, and thereby negotiate the authentication out of band.
SQRL is not yet widely adopted, but this precise use case was designed in from the beginning. (The other main use case is a SQRL app on your computer working in concert with the browser). In neither case is a password transmitted; SQRL uses Elliptic Curve public/private key technology to sign a nonce presented by the server to prove the user has the private key associated with the public key stored on the server in the user's account info.
EDIT: Because so few sites support SQRL, this is probably not a good answer as of Nov/Dec 2018, but it may be a good answer in the future. I don't think there is a secure way to log into a website on a computer under someone else's control (which may have a key/click-logger installed), which was one of the reasons SQRL was created in the first place. The out-of-band login approach, which does not rely upon the possibly-compromised computer to preserve a secret like a password, whether it be the specific form taken by the SQRL protocol or some competing scheme that uses the same general idea, is an essential component of any good answer.
It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
– today
Nov 29 at 21:54
3
The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
– caw
Nov 30 at 1:28
19
security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
– vidarlo
Nov 30 at 6:41
4
A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
– schroeder♦
Dec 3 at 10:33
2
The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
– Beanluc
Dec 3 at 18:45
|
show 11 more comments
It is a major PIA, but relatively secure with respect to protecting your password. Mostly because it is such a PIA that nobody is likely to put together what is needed to capture it. Which means the caveat about security through obscurity likely applies here...
- Open text editor of choice.
- Type out the full alphabet in both upper and lower case.
- type out the full range of numbers and symbols that are available.
- Copy and paste letter by letter to enter your password on the web form.
- As an added layer of obfuscation, don't grab the letters in the same order as the final password
I can think of a few techniques where I might be able to capture the password of someone using this technique, but none of them are what I would consider easy or straightforward.
Also worth noting that this technique was originally suggested as a counter measure by my CEH instructor. It is not perfect, but it is a semi-decent option that doesn't require much in the way of prior preparation.
19
Surely an off-the-shelf screen recorder would counter this?
– Draconis
Nov 29 at 20:20
Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
– today
Nov 29 at 20:40
3
@Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
– Rozwel
Nov 29 at 20:44
7
A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
– Nathan Goings
Nov 29 at 21:39
1
@NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
– JoL
Nov 29 at 21:43
|
show 5 more comments
There is one thing you can do on sites that allow it (Google being one): Use a "have" factor of authentication, such as TOTP or a mobile app to approve logins. You don't have to use 2FA - that can be your only factor. I have some of my non-critical servers set to allow password OR totp, so I can log in with one or the other, without needing both. While, as others pointed out, that doesn't make you completely secure (after you log in the attacker could disable input and do whatever they want now that you're logged in), it prevents disclosing any passwords.
This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
– miroxlav
Dec 4 at 2:29
@miroxlav It can't. But as I said, at least one major company supports it.
– Duncan X Simpson
Dec 4 at 2:34
add a comment |
If you need to login using someone else's computer, there is no certain way to know for certain if there is any form of spying software. Even if it is someone you trust, they could be infected with a virus or a similar nefarious device, and it can be hard to impossible to know if it is infected. Always assume that a nefarious entity will still be able to view/access anything that happens on the computer. Here are a few ways you can try to mitigate the risks.
There is no possible way to ensure that the person's OS is not compromised. You can look at the running processes, examine call stacks, network requests or anything, but spyware programs can be extremely well disguised. The best possible solution is to boot from a live USB stick using a linux distribution such as Ubuntu, puppy linux or Kali linux. This means that you should have full control of the software running on the computer, although a determined hacker could insert malicious code into the BIOS or bootloader of the computer, changing the actual code of the operating system.
Mitigation of Hardware based vulnerabilities
- Check the cable between the computer and the display. A device can be inserted in between them allowing a hacker to see the display output.
- Avoid using a wireless keyboard or mouse. The signal can be intercepted between the transmitter and receiver, exposing keystrokes and mouse movements, even via a separate device.
- Plug any USB devices directly into the motherboard. Don't use a PCIe slot, as the device could be storing/transmitting keystrokes/commands. The same applies to front panel connectors.
- Use a different keyboard, if possible. Devices can take the sounds of individual keys being pressed to decipher which key it was. Unplug any microphones connected to the computer, just in case.
- Look to see if there are any extra PCIe or serial port devices plugged in. Ensure only the required ones are plugged in, just in case.
Software methods of decreasing the risk
- Ensure you connect to a secured WiFi network, or ethernet, if you know it is safe. It is probably better to use mobile data, and a mobile hotspot, if possible, so you don't have to rely on their internet connection. Use a USB cable as well, if possible, so you don't run the risk of an alternative WiFi connection intercepting the signal instead.
- Use SSL. This is obvious, but you must ensure the certificate authority is the one that you would expect to see, as it is possible for an entity to insert a self-signed certificate into the chain.
The last thing is that you should, if possible, temporarily change your password (maybe using your phone) while you login using that computer, then change it back afterwards, so if the password is compromised, it will not be usable after it is changed back.
add a comment |
The best way to protect yourself is to tell the person that you are not comfortable entering your password at their computer.
If you have probable cause or general paranoia then do not perform unsafe actions.
Expecting to thoroughly detect and/or mitigate all threat models in a matter of seconds is ludicrous.
What is the threat model anyways?
- Do you not trust the person?
- Do you not trust the computer?
- Are you trying to prevent their access from the particular website which you are logging in to?
- Are you trying to prevent the discovery of your password because you reuse it for a hundred other services such as personal banking?
- Are you simply trying to figure out a universal way to not be compromised regardless of which foreign computer you encounter in the future?
- Are you trying to prevent the details of the post-login screen from being recorded? You may wish to sweep the area for any hidden video recording devices in the ceiling.
I think the OP is worrying about foreign immigration officers asking him to show his social media
– usr-local-ΕΨΗΕΛΩΝ
Dec 3 at 8:26
add a comment |
You don't specify whether you need to login via someone's computer because you:
- Need their OS/software, e.g. you are setting up / fixing someone's computer and you need to fetch some data from your private server.
- Need their hardware (e.g. you are allowed network access based on their MAC address or other factors that exist only on the machine you want to use.
- Need their network (e.g. you need to be inside their LAN, but with your own device)
- Don't need their network or device at all, it is just convenient for you to use their computer.
The optimal way of addressing these concerns is, in the reverse order:
Case 4. Bring your laptop/phone/tablet and use 3G/4G connection to access the internet. Done.
Case 3. Bring your laptop, properly secure it (antivirus, firewall, etc), plug it into their network. Done.
Case 2. Inspect their hardware for any hardware loggers, boot your own OS (some kind of live distribution). If you missed the hardware logger, you have the problem.
Case 1. Also helps with Case 2.
a) Require Administrator/root access.
b) Enable firewall, set it to paranoidly strict mode, allow only connections to your target server.
c) Change your access password via your 3G/4G phone to something temporary,
d) Access the server, use 2FA
e) delete the traces (cookies, any temporary files that could hide credentials, unique IDs,tc)
f) Change password back via your 3G/4G phone
g) Set the firewall back to normal.
Now firewall may be compromised as well by a rootkit, so for more paranoid, or in case you don't get Admin/root access:
a) Build your custom router using Raspberry Pi or similar device, add additional ethernet port using Ethernet2USB adapter. (of course, really security conscious pro would have Linux on their laptop anyway, so just add Ethernet2USB port and proceed without Raspberry.
b) Plug their computer into your Raspberry, get the MAC address, clone it to the other (outbound) side.
c) Set up strict routing and firewall on the Linux, allow only access to your server, and route one NIC to another.
d) Set up MITM sniffing and install your certificate to your server on their machine. Your certificate is MITM certificate, the fake one you generated!
e) Proceed as in previously described in 1c) and on.
f) Log any bloody byte that traverses your mini router so you can confront them if they try something nasty.
The reasoning behind this suggestion is that the host computer probably does not have the full suite of tools to attack your account. Keylogger will log the keys to your temporary password, but will be unable to forward the data to the bad guy sitting in the other room. If it does and tries to hack your server, you will have any hack attempt logged in plaintext, any you can either confront them or undo the damage (they changed the plaintext, but you have logged the change!). Note hat only your server will be available to their computer in the critical time, so either their computer tries hacking solo, or nothing will happen.
I would appreciate feedback on that route, if I perhaps missed something.
add a comment |
In theory, if the site doesn't provide you a better way to do this, there is still a way: login on a device that is under your control, and transfer the session cookie you receive from that device to the untrusted computer. This will allow the untrusted computer to perform any operation you can perform on the site once logged in, but unless the site has fatally bad security design, it will not allow the untrusted computer to change your password, change the email address associated with the account, or perform other account-takeover operations.
Once you're done, you can use the trusted device you control to log out its session cookie (which you copied from it) by performing the logout operation there, or perform a "logout all devices" operation if the site provides such a feature.
Note that under this scheme, your password is never entered on the untrusted computer, and thereby it has no means of recording/capturing it. At best it can capture the session cookie, which you will invalidate by logging out using the trusted device once you're done.
add a comment |
If you trust that person, go ahead and use their computer. Consider creating a separate browser profile which you can wipe clean after you're done without erasing that person's cookies / settings / whatever. Take note of any attachments you download so that you can remove these as well. Don't just open attached files, unless you want to play detective figuring out which of the possible "temp" locations was used to store them. And avoid manipulating any sensitive data which is not related to the purpose forcing you to use someone else's computer.
If you don't trust the person, don't use their computer. There's no way of securing an unknown computer 100%, and even less so without doing things which will make the other person suspect that you're trying to hack them. At which point you will probably be denied to use their computer anyway.
4
I trust my grandmother. I do not trust that her computer is clean.
– schroeder♦
Dec 3 at 13:49
add a comment |
Although there are a number of good and awesome answers, i believe this radical "answer" is missing out:
If you are concerned about security, you probably use a password manager as well. I always generate a random and very difficult password. On other computers I probably don't have the software nor the file where my passwords are stored in (I use keepass).
I do have this file stored in a cloud solution but on logging in it also requires a separate file which I only have locally on my trusted devices.
So you might understand what hassle I have to go through before I am actually logged in on the other untrusted device. Which actually prevents me from doing so in the first place.
So if I am forced to login: "I don't know my password".
You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
– Kolappan Nathan
Dec 4 at 9:08
1
This is an anti-answer. The premise is that user must log in.
– schroeder♦
Dec 4 at 9:26
add a comment |
When you suspect the system is keylogged you would need to be able to interrupt that process to do what you are asking.
That might be a visible process though - so if it's mission critical try finding that process or creating another user account with an encrypted terminal in a sandbox to see if you can avoid logging that way - i.e. Linux with encrypted home folder & swap as an example.
1
How would a sandboxed process or an encrypted home directory defeat keylogging?
– forest
Nov 30 at 7:23
I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
– user192527
Nov 30 at 7:25
If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
– forest
Nov 30 at 7:27
I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
– user192527
Nov 30 at 7:36
1
There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
– David Conrad
Dec 1 at 17:16
|
show 2 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198726%2fsecure-way-to-log-in-to-a-website-on-someone-elses-computer%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
13 Answers
13
active
oldest
votes
13 Answers
13
active
oldest
votes
active
oldest
votes
active
oldest
votes
This is an interesting question!
The rule of thumb is that if someone else has control of the device (and they're determined enough), they will always be able to monitor and modify all of your actions on the device.
We can (to a somewhat limited extent) get around this though! Two-factor authentication can be used to ensure that even if someone has your password, they cannot get into your account without also having access to a separate device (owned and controlled by you).
Keep in mind that once you log in, the computer ultimately has control over your interaction with the website, and as a result it could trivially see everything you do on the site and, less trivially, modify your requests to the site (including not logging you out properly when you're done, and potentially changing your login details to lock you out of your own account).
This all depends on how worried you are about being attacked - if you're just logging into Facebook on a friends computer, you can probably trust that when you hit "Log Out", it actually logs you out. If you're logging into something really important, however, you may want to stick to devices you control.
Additionally, consider the following, via user TemporalWolf
Some websites allow for the generation of single-use one time passwords which sidesteps any sort of password logging... as you mentioned, this doesn't stop them from mucking with the now authenticated session.
5
"you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
– Qwertie
Nov 30 at 5:07
21
Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
– forest
Nov 30 at 7:25
5
The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
– Chris Cirefice
Nov 30 at 17:07
9
"If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
– Steve Jessop
Dec 1 at 22:53
2
@ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
– Damon
Dec 4 at 8:36
|
show 7 more comments
This is an interesting question!
The rule of thumb is that if someone else has control of the device (and they're determined enough), they will always be able to monitor and modify all of your actions on the device.
We can (to a somewhat limited extent) get around this though! Two-factor authentication can be used to ensure that even if someone has your password, they cannot get into your account without also having access to a separate device (owned and controlled by you).
Keep in mind that once you log in, the computer ultimately has control over your interaction with the website, and as a result it could trivially see everything you do on the site and, less trivially, modify your requests to the site (including not logging you out properly when you're done, and potentially changing your login details to lock you out of your own account).
This all depends on how worried you are about being attacked - if you're just logging into Facebook on a friends computer, you can probably trust that when you hit "Log Out", it actually logs you out. If you're logging into something really important, however, you may want to stick to devices you control.
Additionally, consider the following, via user TemporalWolf
Some websites allow for the generation of single-use one time passwords which sidesteps any sort of password logging... as you mentioned, this doesn't stop them from mucking with the now authenticated session.
5
"you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
– Qwertie
Nov 30 at 5:07
21
Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
– forest
Nov 30 at 7:25
5
The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
– Chris Cirefice
Nov 30 at 17:07
9
"If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
– Steve Jessop
Dec 1 at 22:53
2
@ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
– Damon
Dec 4 at 8:36
|
show 7 more comments
This is an interesting question!
The rule of thumb is that if someone else has control of the device (and they're determined enough), they will always be able to monitor and modify all of your actions on the device.
We can (to a somewhat limited extent) get around this though! Two-factor authentication can be used to ensure that even if someone has your password, they cannot get into your account without also having access to a separate device (owned and controlled by you).
Keep in mind that once you log in, the computer ultimately has control over your interaction with the website, and as a result it could trivially see everything you do on the site and, less trivially, modify your requests to the site (including not logging you out properly when you're done, and potentially changing your login details to lock you out of your own account).
This all depends on how worried you are about being attacked - if you're just logging into Facebook on a friends computer, you can probably trust that when you hit "Log Out", it actually logs you out. If you're logging into something really important, however, you may want to stick to devices you control.
Additionally, consider the following, via user TemporalWolf
Some websites allow for the generation of single-use one time passwords which sidesteps any sort of password logging... as you mentioned, this doesn't stop them from mucking with the now authenticated session.
This is an interesting question!
The rule of thumb is that if someone else has control of the device (and they're determined enough), they will always be able to monitor and modify all of your actions on the device.
We can (to a somewhat limited extent) get around this though! Two-factor authentication can be used to ensure that even if someone has your password, they cannot get into your account without also having access to a separate device (owned and controlled by you).
Keep in mind that once you log in, the computer ultimately has control over your interaction with the website, and as a result it could trivially see everything you do on the site and, less trivially, modify your requests to the site (including not logging you out properly when you're done, and potentially changing your login details to lock you out of your own account).
This all depends on how worried you are about being attacked - if you're just logging into Facebook on a friends computer, you can probably trust that when you hit "Log Out", it actually logs you out. If you're logging into something really important, however, you may want to stick to devices you control.
Additionally, consider the following, via user TemporalWolf
Some websites allow for the generation of single-use one time passwords which sidesteps any sort of password logging... as you mentioned, this doesn't stop them from mucking with the now authenticated session.
edited Dec 3 at 23:36
answered Nov 29 at 16:55
Cowthulhu
1,1621217
1,1621217
5
"you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
– Qwertie
Nov 30 at 5:07
21
Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
– forest
Nov 30 at 7:25
5
The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
– Chris Cirefice
Nov 30 at 17:07
9
"If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
– Steve Jessop
Dec 1 at 22:53
2
@ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
– Damon
Dec 4 at 8:36
|
show 7 more comments
5
"you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
– Qwertie
Nov 30 at 5:07
21
Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
– forest
Nov 30 at 7:25
5
The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
– Chris Cirefice
Nov 30 at 17:07
9
"If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
– Steve Jessop
Dec 1 at 22:53
2
@ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
– Damon
Dec 4 at 8:36
5
5
"you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
– Qwertie
Nov 30 at 5:07
"you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
– Qwertie
Nov 30 at 5:07
21
21
Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
– forest
Nov 30 at 7:25
Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
– forest
Nov 30 at 7:25
5
5
The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
– Chris Cirefice
Nov 30 at 17:07
The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
– Chris Cirefice
Nov 30 at 17:07
9
9
"If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
– Steve Jessop
Dec 1 at 22:53
"If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
– Steve Jessop
Dec 1 at 22:53
2
2
@ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
– Damon
Dec 4 at 8:36
@ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
– Damon
Dec 4 at 8:36
|
show 7 more comments
In my practice, when I need extra security, I usually change the password on my phone (or another trusted device), then log in on the untrusted computer and after everything is done, change my password back (if possible).
This relies on the fact that changing password logs you out everywhere, for most websites. It's rather practical.
Alternatively, some websites offer a "session control" where you can force detach / terminate sessions if you want.
Besides what I said above, I also have a 128 GiB portable SSD with me, formatted to GPT and has 3 partitions: the EFI System Partition, an Ubuntu, and a Windows To Go.
While software security wasn't my concern while creating this portable SSD, it is undoubtedly a good gadget to have for the purpose. Theoretically and practically, running operating systems on such self-made pieces of storage provides a fully trusted software environment, and can 100% eliminate any software thread on the foreign machine.
As others have answered, such gadgets usually aren't effective against hardware-based intrusion, for example a key logger (unless some stupid ones require drivers to work, then you can LOL). For those things, you have better check them by looking at the hardware ports. If there's anything malicious inside the crate, then you're out of luck.
But again, it's an interpersonal question. If you're logging in on your trusted friend's computer, and the friend isn't a techie, you probably need no more actions than launching the browser in incognito or InPrivate (Internet Explorer) mode.
That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
– a25bedc5-3d09-41b8-82fb-ea6c353d75ae
Nov 30 at 13:06
7
Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
– martinstoeckli
Dec 3 at 12:38
@martinstoeckli Yep, but that's the opposite of this question.
– iBug
Dec 3 at 13:59
I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
– cybernard
Dec 3 at 14:54
1
@MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
– iBug
Dec 4 at 15:16
|
show 4 more comments
In my practice, when I need extra security, I usually change the password on my phone (or another trusted device), then log in on the untrusted computer and after everything is done, change my password back (if possible).
This relies on the fact that changing password logs you out everywhere, for most websites. It's rather practical.
Alternatively, some websites offer a "session control" where you can force detach / terminate sessions if you want.
Besides what I said above, I also have a 128 GiB portable SSD with me, formatted to GPT and has 3 partitions: the EFI System Partition, an Ubuntu, and a Windows To Go.
While software security wasn't my concern while creating this portable SSD, it is undoubtedly a good gadget to have for the purpose. Theoretically and practically, running operating systems on such self-made pieces of storage provides a fully trusted software environment, and can 100% eliminate any software thread on the foreign machine.
As others have answered, such gadgets usually aren't effective against hardware-based intrusion, for example a key logger (unless some stupid ones require drivers to work, then you can LOL). For those things, you have better check them by looking at the hardware ports. If there's anything malicious inside the crate, then you're out of luck.
But again, it's an interpersonal question. If you're logging in on your trusted friend's computer, and the friend isn't a techie, you probably need no more actions than launching the browser in incognito or InPrivate (Internet Explorer) mode.
That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
– a25bedc5-3d09-41b8-82fb-ea6c353d75ae
Nov 30 at 13:06
7
Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
– martinstoeckli
Dec 3 at 12:38
@martinstoeckli Yep, but that's the opposite of this question.
– iBug
Dec 3 at 13:59
I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
– cybernard
Dec 3 at 14:54
1
@MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
– iBug
Dec 4 at 15:16
|
show 4 more comments
In my practice, when I need extra security, I usually change the password on my phone (or another trusted device), then log in on the untrusted computer and after everything is done, change my password back (if possible).
This relies on the fact that changing password logs you out everywhere, for most websites. It's rather practical.
Alternatively, some websites offer a "session control" where you can force detach / terminate sessions if you want.
Besides what I said above, I also have a 128 GiB portable SSD with me, formatted to GPT and has 3 partitions: the EFI System Partition, an Ubuntu, and a Windows To Go.
While software security wasn't my concern while creating this portable SSD, it is undoubtedly a good gadget to have for the purpose. Theoretically and practically, running operating systems on such self-made pieces of storage provides a fully trusted software environment, and can 100% eliminate any software thread on the foreign machine.
As others have answered, such gadgets usually aren't effective against hardware-based intrusion, for example a key logger (unless some stupid ones require drivers to work, then you can LOL). For those things, you have better check them by looking at the hardware ports. If there's anything malicious inside the crate, then you're out of luck.
But again, it's an interpersonal question. If you're logging in on your trusted friend's computer, and the friend isn't a techie, you probably need no more actions than launching the browser in incognito or InPrivate (Internet Explorer) mode.
In my practice, when I need extra security, I usually change the password on my phone (or another trusted device), then log in on the untrusted computer and after everything is done, change my password back (if possible).
This relies on the fact that changing password logs you out everywhere, for most websites. It's rather practical.
Alternatively, some websites offer a "session control" where you can force detach / terminate sessions if you want.
Besides what I said above, I also have a 128 GiB portable SSD with me, formatted to GPT and has 3 partitions: the EFI System Partition, an Ubuntu, and a Windows To Go.
While software security wasn't my concern while creating this portable SSD, it is undoubtedly a good gadget to have for the purpose. Theoretically and practically, running operating systems on such self-made pieces of storage provides a fully trusted software environment, and can 100% eliminate any software thread on the foreign machine.
As others have answered, such gadgets usually aren't effective against hardware-based intrusion, for example a key logger (unless some stupid ones require drivers to work, then you can LOL). For those things, you have better check them by looking at the hardware ports. If there's anything malicious inside the crate, then you're out of luck.
But again, it's an interpersonal question. If you're logging in on your trusted friend's computer, and the friend isn't a techie, you probably need no more actions than launching the browser in incognito or InPrivate (Internet Explorer) mode.
edited Dec 3 at 10:13
answered Nov 30 at 3:28
iBug
55018
55018
That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
– a25bedc5-3d09-41b8-82fb-ea6c353d75ae
Nov 30 at 13:06
7
Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
– martinstoeckli
Dec 3 at 12:38
@martinstoeckli Yep, but that's the opposite of this question.
– iBug
Dec 3 at 13:59
I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
– cybernard
Dec 3 at 14:54
1
@MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
– iBug
Dec 4 at 15:16
|
show 4 more comments
That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
– a25bedc5-3d09-41b8-82fb-ea6c353d75ae
Nov 30 at 13:06
7
Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
– martinstoeckli
Dec 3 at 12:38
@martinstoeckli Yep, but that's the opposite of this question.
– iBug
Dec 3 at 13:59
I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
– cybernard
Dec 3 at 14:54
1
@MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
– iBug
Dec 4 at 15:16
That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
– a25bedc5-3d09-41b8-82fb-ea6c353d75ae
Nov 30 at 13:06
That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
– a25bedc5-3d09-41b8-82fb-ea6c353d75ae
Nov 30 at 13:06
7
7
Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
– martinstoeckli
Dec 3 at 12:38
Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
– martinstoeckli
Dec 3 at 12:38
@martinstoeckli Yep, but that's the opposite of this question.
– iBug
Dec 3 at 13:59
@martinstoeckli Yep, but that's the opposite of this question.
– iBug
Dec 3 at 13:59
I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
– cybernard
Dec 3 at 14:54
I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
– cybernard
Dec 3 at 14:54
1
1
@MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
– iBug
Dec 4 at 15:16
@MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
– iBug
Dec 4 at 15:16
|
show 4 more comments
If you encounter this situation regularly, try the following:
Create a Tails live USB stick. Tails is a Linux operating system designed to run off a USB, which can be booted on most computers. Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot.
Use the on-screen keyboard. You should cover this with your hand as you type, to prevent anyone from observing. This defends against hardware based key-loggers. Note that you don't need to worry about screen-recording software, because you are running Tails, which means that you have full control over all software running on the system.
Edit:
As @Xen2050 mentioned in the comments, you can also achieve this with other operating systems which may be more user friendly. For instance, here are instructions for creating a live Ubuntu Linux USB on Windows, Mac or Ubuntu. And here are the instructions for accessing the on-screen keyboard on Ubuntu.
Potential weaknesses of this method:
This method is vulnerable to the following:
- Hardware based screen recording. It is possible to insert a device between the computer and the screen which will record everything sent to the screen. For example, this one. To protect against this, inspect the cable, and make sure there are no devices between the computer and the screen. Note however, that it is possible to install internal screen recording devices which would be much more difficult to detect. If you suspect this, then you may be able to circumvent them by unplugging the screen from the back of the computer, and reconnecting it to a different port.
- Malicious firmware, BIOS, rootkit, etc. This is probably the most difficult vulnerability to defend against. If you suspect that the computer you are using has malicious firmware, don't use it! Find another way to login to the website, or don't login to it.
3
For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
– Xen2050
Nov 30 at 11:41
5
"Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
– Bergi
Dec 2 at 13:55
1
@Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
– daviewales
Dec 2 at 21:16
2
"Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
– Acccumulation
Dec 3 at 23:38
1
I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
– Acccumulation
Dec 5 at 21:18
|
show 10 more comments
If you encounter this situation regularly, try the following:
Create a Tails live USB stick. Tails is a Linux operating system designed to run off a USB, which can be booted on most computers. Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot.
Use the on-screen keyboard. You should cover this with your hand as you type, to prevent anyone from observing. This defends against hardware based key-loggers. Note that you don't need to worry about screen-recording software, because you are running Tails, which means that you have full control over all software running on the system.
Edit:
As @Xen2050 mentioned in the comments, you can also achieve this with other operating systems which may be more user friendly. For instance, here are instructions for creating a live Ubuntu Linux USB on Windows, Mac or Ubuntu. And here are the instructions for accessing the on-screen keyboard on Ubuntu.
Potential weaknesses of this method:
This method is vulnerable to the following:
- Hardware based screen recording. It is possible to insert a device between the computer and the screen which will record everything sent to the screen. For example, this one. To protect against this, inspect the cable, and make sure there are no devices between the computer and the screen. Note however, that it is possible to install internal screen recording devices which would be much more difficult to detect. If you suspect this, then you may be able to circumvent them by unplugging the screen from the back of the computer, and reconnecting it to a different port.
- Malicious firmware, BIOS, rootkit, etc. This is probably the most difficult vulnerability to defend against. If you suspect that the computer you are using has malicious firmware, don't use it! Find another way to login to the website, or don't login to it.
3
For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
– Xen2050
Nov 30 at 11:41
5
"Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
– Bergi
Dec 2 at 13:55
1
@Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
– daviewales
Dec 2 at 21:16
2
"Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
– Acccumulation
Dec 3 at 23:38
1
I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
– Acccumulation
Dec 5 at 21:18
|
show 10 more comments
If you encounter this situation regularly, try the following:
Create a Tails live USB stick. Tails is a Linux operating system designed to run off a USB, which can be booted on most computers. Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot.
Use the on-screen keyboard. You should cover this with your hand as you type, to prevent anyone from observing. This defends against hardware based key-loggers. Note that you don't need to worry about screen-recording software, because you are running Tails, which means that you have full control over all software running on the system.
Edit:
As @Xen2050 mentioned in the comments, you can also achieve this with other operating systems which may be more user friendly. For instance, here are instructions for creating a live Ubuntu Linux USB on Windows, Mac or Ubuntu. And here are the instructions for accessing the on-screen keyboard on Ubuntu.
Potential weaknesses of this method:
This method is vulnerable to the following:
- Hardware based screen recording. It is possible to insert a device between the computer and the screen which will record everything sent to the screen. For example, this one. To protect against this, inspect the cable, and make sure there are no devices between the computer and the screen. Note however, that it is possible to install internal screen recording devices which would be much more difficult to detect. If you suspect this, then you may be able to circumvent them by unplugging the screen from the back of the computer, and reconnecting it to a different port.
- Malicious firmware, BIOS, rootkit, etc. This is probably the most difficult vulnerability to defend against. If you suspect that the computer you are using has malicious firmware, don't use it! Find another way to login to the website, or don't login to it.
If you encounter this situation regularly, try the following:
Create a Tails live USB stick. Tails is a Linux operating system designed to run off a USB, which can be booted on most computers. Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot.
Use the on-screen keyboard. You should cover this with your hand as you type, to prevent anyone from observing. This defends against hardware based key-loggers. Note that you don't need to worry about screen-recording software, because you are running Tails, which means that you have full control over all software running on the system.
Edit:
As @Xen2050 mentioned in the comments, you can also achieve this with other operating systems which may be more user friendly. For instance, here are instructions for creating a live Ubuntu Linux USB on Windows, Mac or Ubuntu. And here are the instructions for accessing the on-screen keyboard on Ubuntu.
Potential weaknesses of this method:
This method is vulnerable to the following:
- Hardware based screen recording. It is possible to insert a device between the computer and the screen which will record everything sent to the screen. For example, this one. To protect against this, inspect the cable, and make sure there are no devices between the computer and the screen. Note however, that it is possible to install internal screen recording devices which would be much more difficult to detect. If you suspect this, then you may be able to circumvent them by unplugging the screen from the back of the computer, and reconnecting it to a different port.
- Malicious firmware, BIOS, rootkit, etc. This is probably the most difficult vulnerability to defend against. If you suspect that the computer you are using has malicious firmware, don't use it! Find another way to login to the website, or don't login to it.
edited Dec 1 at 2:38
answered Nov 30 at 7:00
daviewales
33317
33317
3
For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
– Xen2050
Nov 30 at 11:41
5
"Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
– Bergi
Dec 2 at 13:55
1
@Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
– daviewales
Dec 2 at 21:16
2
"Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
– Acccumulation
Dec 3 at 23:38
1
I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
– Acccumulation
Dec 5 at 21:18
|
show 10 more comments
3
For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
– Xen2050
Nov 30 at 11:41
5
"Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
– Bergi
Dec 2 at 13:55
1
@Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
– daviewales
Dec 2 at 21:16
2
"Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
– Acccumulation
Dec 3 at 23:38
1
I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
– Acccumulation
Dec 5 at 21:18
3
3
For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
– Xen2050
Nov 30 at 11:41
For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
– Xen2050
Nov 30 at 11:41
5
5
"Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
– Bergi
Dec 2 at 13:55
"Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
– Bergi
Dec 2 at 13:55
1
1
@Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
– daviewales
Dec 2 at 21:16
@Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
– daviewales
Dec 2 at 21:16
2
2
"Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
– Acccumulation
Dec 3 at 23:38
"Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
– Acccumulation
Dec 3 at 23:38
1
1
I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
– Acccumulation
Dec 5 at 21:18
I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
– Acccumulation
Dec 5 at 21:18
|
show 10 more comments
Use SQRL
If a website supports SQRL (https://www.grc.com/sqrl/sqrl.htm) then you have the option of having it display a QR code in the computer's browser that you let the SQRL app in your cell phone read, and thereby negotiate the authentication out of band.
SQRL is not yet widely adopted, but this precise use case was designed in from the beginning. (The other main use case is a SQRL app on your computer working in concert with the browser). In neither case is a password transmitted; SQRL uses Elliptic Curve public/private key technology to sign a nonce presented by the server to prove the user has the private key associated with the public key stored on the server in the user's account info.
EDIT: Because so few sites support SQRL, this is probably not a good answer as of Nov/Dec 2018, but it may be a good answer in the future. I don't think there is a secure way to log into a website on a computer under someone else's control (which may have a key/click-logger installed), which was one of the reasons SQRL was created in the first place. The out-of-band login approach, which does not rely upon the possibly-compromised computer to preserve a secret like a password, whether it be the specific form taken by the SQRL protocol or some competing scheme that uses the same general idea, is an essential component of any good answer.
It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
– today
Nov 29 at 21:54
3
The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
– caw
Nov 30 at 1:28
19
security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
– vidarlo
Nov 30 at 6:41
4
A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
– schroeder♦
Dec 3 at 10:33
2
The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
– Beanluc
Dec 3 at 18:45
|
show 11 more comments
Use SQRL
If a website supports SQRL (https://www.grc.com/sqrl/sqrl.htm) then you have the option of having it display a QR code in the computer's browser that you let the SQRL app in your cell phone read, and thereby negotiate the authentication out of band.
SQRL is not yet widely adopted, but this precise use case was designed in from the beginning. (The other main use case is a SQRL app on your computer working in concert with the browser). In neither case is a password transmitted; SQRL uses Elliptic Curve public/private key technology to sign a nonce presented by the server to prove the user has the private key associated with the public key stored on the server in the user's account info.
EDIT: Because so few sites support SQRL, this is probably not a good answer as of Nov/Dec 2018, but it may be a good answer in the future. I don't think there is a secure way to log into a website on a computer under someone else's control (which may have a key/click-logger installed), which was one of the reasons SQRL was created in the first place. The out-of-band login approach, which does not rely upon the possibly-compromised computer to preserve a secret like a password, whether it be the specific form taken by the SQRL protocol or some competing scheme that uses the same general idea, is an essential component of any good answer.
It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
– today
Nov 29 at 21:54
3
The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
– caw
Nov 30 at 1:28
19
security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
– vidarlo
Nov 30 at 6:41
4
A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
– schroeder♦
Dec 3 at 10:33
2
The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
– Beanluc
Dec 3 at 18:45
|
show 11 more comments
Use SQRL
If a website supports SQRL (https://www.grc.com/sqrl/sqrl.htm) then you have the option of having it display a QR code in the computer's browser that you let the SQRL app in your cell phone read, and thereby negotiate the authentication out of band.
SQRL is not yet widely adopted, but this precise use case was designed in from the beginning. (The other main use case is a SQRL app on your computer working in concert with the browser). In neither case is a password transmitted; SQRL uses Elliptic Curve public/private key technology to sign a nonce presented by the server to prove the user has the private key associated with the public key stored on the server in the user's account info.
EDIT: Because so few sites support SQRL, this is probably not a good answer as of Nov/Dec 2018, but it may be a good answer in the future. I don't think there is a secure way to log into a website on a computer under someone else's control (which may have a key/click-logger installed), which was one of the reasons SQRL was created in the first place. The out-of-band login approach, which does not rely upon the possibly-compromised computer to preserve a secret like a password, whether it be the specific form taken by the SQRL protocol or some competing scheme that uses the same general idea, is an essential component of any good answer.
Use SQRL
If a website supports SQRL (https://www.grc.com/sqrl/sqrl.htm) then you have the option of having it display a QR code in the computer's browser that you let the SQRL app in your cell phone read, and thereby negotiate the authentication out of band.
SQRL is not yet widely adopted, but this precise use case was designed in from the beginning. (The other main use case is a SQRL app on your computer working in concert with the browser). In neither case is a password transmitted; SQRL uses Elliptic Curve public/private key technology to sign a nonce presented by the server to prove the user has the private key associated with the public key stored on the server in the user's account info.
EDIT: Because so few sites support SQRL, this is probably not a good answer as of Nov/Dec 2018, but it may be a good answer in the future. I don't think there is a secure way to log into a website on a computer under someone else's control (which may have a key/click-logger installed), which was one of the reasons SQRL was created in the first place. The out-of-band login approach, which does not rely upon the possibly-compromised computer to preserve a secret like a password, whether it be the specific form taken by the SQRL protocol or some competing scheme that uses the same general idea, is an essential component of any good answer.
edited Dec 3 at 18:56
answered Nov 29 at 21:40
Monty Harder
48236
48236
It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
– today
Nov 29 at 21:54
3
The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
– caw
Nov 30 at 1:28
19
security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
– vidarlo
Nov 30 at 6:41
4
A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
– schroeder♦
Dec 3 at 10:33
2
The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
– Beanluc
Dec 3 at 18:45
|
show 11 more comments
It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
– today
Nov 29 at 21:54
3
The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
– caw
Nov 30 at 1:28
19
security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
– vidarlo
Nov 30 at 6:41
4
A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
– schroeder♦
Dec 3 at 10:33
2
The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
– Beanluc
Dec 3 at 18:45
It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
– today
Nov 29 at 21:54
It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
– today
Nov 29 at 21:54
3
3
The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
– caw
Nov 30 at 1:28
The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
– caw
Nov 30 at 1:28
19
19
security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
– vidarlo
Nov 30 at 6:41
security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
– vidarlo
Nov 30 at 6:41
4
4
A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
– schroeder♦
Dec 3 at 10:33
A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
– schroeder♦
Dec 3 at 10:33
2
2
The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
– Beanluc
Dec 3 at 18:45
The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
– Beanluc
Dec 3 at 18:45
|
show 11 more comments
It is a major PIA, but relatively secure with respect to protecting your password. Mostly because it is such a PIA that nobody is likely to put together what is needed to capture it. Which means the caveat about security through obscurity likely applies here...
- Open text editor of choice.
- Type out the full alphabet in both upper and lower case.
- type out the full range of numbers and symbols that are available.
- Copy and paste letter by letter to enter your password on the web form.
- As an added layer of obfuscation, don't grab the letters in the same order as the final password
I can think of a few techniques where I might be able to capture the password of someone using this technique, but none of them are what I would consider easy or straightforward.
Also worth noting that this technique was originally suggested as a counter measure by my CEH instructor. It is not perfect, but it is a semi-decent option that doesn't require much in the way of prior preparation.
19
Surely an off-the-shelf screen recorder would counter this?
– Draconis
Nov 29 at 20:20
Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
– today
Nov 29 at 20:40
3
@Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
– Rozwel
Nov 29 at 20:44
7
A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
– Nathan Goings
Nov 29 at 21:39
1
@NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
– JoL
Nov 29 at 21:43
|
show 5 more comments
It is a major PIA, but relatively secure with respect to protecting your password. Mostly because it is such a PIA that nobody is likely to put together what is needed to capture it. Which means the caveat about security through obscurity likely applies here...
- Open text editor of choice.
- Type out the full alphabet in both upper and lower case.
- type out the full range of numbers and symbols that are available.
- Copy and paste letter by letter to enter your password on the web form.
- As an added layer of obfuscation, don't grab the letters in the same order as the final password
I can think of a few techniques where I might be able to capture the password of someone using this technique, but none of them are what I would consider easy or straightforward.
Also worth noting that this technique was originally suggested as a counter measure by my CEH instructor. It is not perfect, but it is a semi-decent option that doesn't require much in the way of prior preparation.
19
Surely an off-the-shelf screen recorder would counter this?
– Draconis
Nov 29 at 20:20
Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
– today
Nov 29 at 20:40
3
@Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
– Rozwel
Nov 29 at 20:44
7
A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
– Nathan Goings
Nov 29 at 21:39
1
@NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
– JoL
Nov 29 at 21:43
|
show 5 more comments
It is a major PIA, but relatively secure with respect to protecting your password. Mostly because it is such a PIA that nobody is likely to put together what is needed to capture it. Which means the caveat about security through obscurity likely applies here...
- Open text editor of choice.
- Type out the full alphabet in both upper and lower case.
- type out the full range of numbers and symbols that are available.
- Copy and paste letter by letter to enter your password on the web form.
- As an added layer of obfuscation, don't grab the letters in the same order as the final password
I can think of a few techniques where I might be able to capture the password of someone using this technique, but none of them are what I would consider easy or straightforward.
Also worth noting that this technique was originally suggested as a counter measure by my CEH instructor. It is not perfect, but it is a semi-decent option that doesn't require much in the way of prior preparation.
It is a major PIA, but relatively secure with respect to protecting your password. Mostly because it is such a PIA that nobody is likely to put together what is needed to capture it. Which means the caveat about security through obscurity likely applies here...
- Open text editor of choice.
- Type out the full alphabet in both upper and lower case.
- type out the full range of numbers and symbols that are available.
- Copy and paste letter by letter to enter your password on the web form.
- As an added layer of obfuscation, don't grab the letters in the same order as the final password
I can think of a few techniques where I might be able to capture the password of someone using this technique, but none of them are what I would consider easy or straightforward.
Also worth noting that this technique was originally suggested as a counter measure by my CEH instructor. It is not perfect, but it is a semi-decent option that doesn't require much in the way of prior preparation.
answered Nov 29 at 20:15
Rozwel
1832
1832
19
Surely an off-the-shelf screen recorder would counter this?
– Draconis
Nov 29 at 20:20
Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
– today
Nov 29 at 20:40
3
@Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
– Rozwel
Nov 29 at 20:44
7
A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
– Nathan Goings
Nov 29 at 21:39
1
@NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
– JoL
Nov 29 at 21:43
|
show 5 more comments
19
Surely an off-the-shelf screen recorder would counter this?
– Draconis
Nov 29 at 20:20
Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
– today
Nov 29 at 20:40
3
@Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
– Rozwel
Nov 29 at 20:44
7
A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
– Nathan Goings
Nov 29 at 21:39
1
@NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
– JoL
Nov 29 at 21:43
19
19
Surely an off-the-shelf screen recorder would counter this?
– Draconis
Nov 29 at 20:20
Surely an off-the-shelf screen recorder would counter this?
– Draconis
Nov 29 at 20:20
Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
– today
Nov 29 at 20:40
Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
– today
Nov 29 at 20:40
3
3
@Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
– Rozwel
Nov 29 at 20:44
@Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
– Rozwel
Nov 29 at 20:44
7
7
A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
– Nathan Goings
Nov 29 at 21:39
A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
– Nathan Goings
Nov 29 at 21:39
1
1
@NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
– JoL
Nov 29 at 21:43
@NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
– JoL
Nov 29 at 21:43
|
show 5 more comments
There is one thing you can do on sites that allow it (Google being one): Use a "have" factor of authentication, such as TOTP or a mobile app to approve logins. You don't have to use 2FA - that can be your only factor. I have some of my non-critical servers set to allow password OR totp, so I can log in with one or the other, without needing both. While, as others pointed out, that doesn't make you completely secure (after you log in the attacker could disable input and do whatever they want now that you're logged in), it prevents disclosing any passwords.
This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
– miroxlav
Dec 4 at 2:29
@miroxlav It can't. But as I said, at least one major company supports it.
– Duncan X Simpson
Dec 4 at 2:34
add a comment |
There is one thing you can do on sites that allow it (Google being one): Use a "have" factor of authentication, such as TOTP or a mobile app to approve logins. You don't have to use 2FA - that can be your only factor. I have some of my non-critical servers set to allow password OR totp, so I can log in with one or the other, without needing both. While, as others pointed out, that doesn't make you completely secure (after you log in the attacker could disable input and do whatever they want now that you're logged in), it prevents disclosing any passwords.
This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
– miroxlav
Dec 4 at 2:29
@miroxlav It can't. But as I said, at least one major company supports it.
– Duncan X Simpson
Dec 4 at 2:34
add a comment |
There is one thing you can do on sites that allow it (Google being one): Use a "have" factor of authentication, such as TOTP or a mobile app to approve logins. You don't have to use 2FA - that can be your only factor. I have some of my non-critical servers set to allow password OR totp, so I can log in with one or the other, without needing both. While, as others pointed out, that doesn't make you completely secure (after you log in the attacker could disable input and do whatever they want now that you're logged in), it prevents disclosing any passwords.
There is one thing you can do on sites that allow it (Google being one): Use a "have" factor of authentication, such as TOTP or a mobile app to approve logins. You don't have to use 2FA - that can be your only factor. I have some of my non-critical servers set to allow password OR totp, so I can log in with one or the other, without needing both. While, as others pointed out, that doesn't make you completely secure (after you log in the attacker could disable input and do whatever they want now that you're logged in), it prevents disclosing any passwords.
answered Nov 29 at 20:26
Duncan X Simpson
232213
232213
This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
– miroxlav
Dec 4 at 2:29
@miroxlav It can't. But as I said, at least one major company supports it.
– Duncan X Simpson
Dec 4 at 2:34
add a comment |
This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
– miroxlav
Dec 4 at 2:29
@miroxlav It can't. But as I said, at least one major company supports it.
– Duncan X Simpson
Dec 4 at 2:34
This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
– miroxlav
Dec 4 at 2:29
This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
– miroxlav
Dec 4 at 2:29
@miroxlav It can't. But as I said, at least one major company supports it.
– Duncan X Simpson
Dec 4 at 2:34
@miroxlav It can't. But as I said, at least one major company supports it.
– Duncan X Simpson
Dec 4 at 2:34
add a comment |
If you need to login using someone else's computer, there is no certain way to know for certain if there is any form of spying software. Even if it is someone you trust, they could be infected with a virus or a similar nefarious device, and it can be hard to impossible to know if it is infected. Always assume that a nefarious entity will still be able to view/access anything that happens on the computer. Here are a few ways you can try to mitigate the risks.
There is no possible way to ensure that the person's OS is not compromised. You can look at the running processes, examine call stacks, network requests or anything, but spyware programs can be extremely well disguised. The best possible solution is to boot from a live USB stick using a linux distribution such as Ubuntu, puppy linux or Kali linux. This means that you should have full control of the software running on the computer, although a determined hacker could insert malicious code into the BIOS or bootloader of the computer, changing the actual code of the operating system.
Mitigation of Hardware based vulnerabilities
- Check the cable between the computer and the display. A device can be inserted in between them allowing a hacker to see the display output.
- Avoid using a wireless keyboard or mouse. The signal can be intercepted between the transmitter and receiver, exposing keystrokes and mouse movements, even via a separate device.
- Plug any USB devices directly into the motherboard. Don't use a PCIe slot, as the device could be storing/transmitting keystrokes/commands. The same applies to front panel connectors.
- Use a different keyboard, if possible. Devices can take the sounds of individual keys being pressed to decipher which key it was. Unplug any microphones connected to the computer, just in case.
- Look to see if there are any extra PCIe or serial port devices plugged in. Ensure only the required ones are plugged in, just in case.
Software methods of decreasing the risk
- Ensure you connect to a secured WiFi network, or ethernet, if you know it is safe. It is probably better to use mobile data, and a mobile hotspot, if possible, so you don't have to rely on their internet connection. Use a USB cable as well, if possible, so you don't run the risk of an alternative WiFi connection intercepting the signal instead.
- Use SSL. This is obvious, but you must ensure the certificate authority is the one that you would expect to see, as it is possible for an entity to insert a self-signed certificate into the chain.
The last thing is that you should, if possible, temporarily change your password (maybe using your phone) while you login using that computer, then change it back afterwards, so if the password is compromised, it will not be usable after it is changed back.
add a comment |
If you need to login using someone else's computer, there is no certain way to know for certain if there is any form of spying software. Even if it is someone you trust, they could be infected with a virus or a similar nefarious device, and it can be hard to impossible to know if it is infected. Always assume that a nefarious entity will still be able to view/access anything that happens on the computer. Here are a few ways you can try to mitigate the risks.
There is no possible way to ensure that the person's OS is not compromised. You can look at the running processes, examine call stacks, network requests or anything, but spyware programs can be extremely well disguised. The best possible solution is to boot from a live USB stick using a linux distribution such as Ubuntu, puppy linux or Kali linux. This means that you should have full control of the software running on the computer, although a determined hacker could insert malicious code into the BIOS or bootloader of the computer, changing the actual code of the operating system.
Mitigation of Hardware based vulnerabilities
- Check the cable between the computer and the display. A device can be inserted in between them allowing a hacker to see the display output.
- Avoid using a wireless keyboard or mouse. The signal can be intercepted between the transmitter and receiver, exposing keystrokes and mouse movements, even via a separate device.
- Plug any USB devices directly into the motherboard. Don't use a PCIe slot, as the device could be storing/transmitting keystrokes/commands. The same applies to front panel connectors.
- Use a different keyboard, if possible. Devices can take the sounds of individual keys being pressed to decipher which key it was. Unplug any microphones connected to the computer, just in case.
- Look to see if there are any extra PCIe or serial port devices plugged in. Ensure only the required ones are plugged in, just in case.
Software methods of decreasing the risk
- Ensure you connect to a secured WiFi network, or ethernet, if you know it is safe. It is probably better to use mobile data, and a mobile hotspot, if possible, so you don't have to rely on their internet connection. Use a USB cable as well, if possible, so you don't run the risk of an alternative WiFi connection intercepting the signal instead.
- Use SSL. This is obvious, but you must ensure the certificate authority is the one that you would expect to see, as it is possible for an entity to insert a self-signed certificate into the chain.
The last thing is that you should, if possible, temporarily change your password (maybe using your phone) while you login using that computer, then change it back afterwards, so if the password is compromised, it will not be usable after it is changed back.
add a comment |
If you need to login using someone else's computer, there is no certain way to know for certain if there is any form of spying software. Even if it is someone you trust, they could be infected with a virus or a similar nefarious device, and it can be hard to impossible to know if it is infected. Always assume that a nefarious entity will still be able to view/access anything that happens on the computer. Here are a few ways you can try to mitigate the risks.
There is no possible way to ensure that the person's OS is not compromised. You can look at the running processes, examine call stacks, network requests or anything, but spyware programs can be extremely well disguised. The best possible solution is to boot from a live USB stick using a linux distribution such as Ubuntu, puppy linux or Kali linux. This means that you should have full control of the software running on the computer, although a determined hacker could insert malicious code into the BIOS or bootloader of the computer, changing the actual code of the operating system.
Mitigation of Hardware based vulnerabilities
- Check the cable between the computer and the display. A device can be inserted in between them allowing a hacker to see the display output.
- Avoid using a wireless keyboard or mouse. The signal can be intercepted between the transmitter and receiver, exposing keystrokes and mouse movements, even via a separate device.
- Plug any USB devices directly into the motherboard. Don't use a PCIe slot, as the device could be storing/transmitting keystrokes/commands. The same applies to front panel connectors.
- Use a different keyboard, if possible. Devices can take the sounds of individual keys being pressed to decipher which key it was. Unplug any microphones connected to the computer, just in case.
- Look to see if there are any extra PCIe or serial port devices plugged in. Ensure only the required ones are plugged in, just in case.
Software methods of decreasing the risk
- Ensure you connect to a secured WiFi network, or ethernet, if you know it is safe. It is probably better to use mobile data, and a mobile hotspot, if possible, so you don't have to rely on their internet connection. Use a USB cable as well, if possible, so you don't run the risk of an alternative WiFi connection intercepting the signal instead.
- Use SSL. This is obvious, but you must ensure the certificate authority is the one that you would expect to see, as it is possible for an entity to insert a self-signed certificate into the chain.
The last thing is that you should, if possible, temporarily change your password (maybe using your phone) while you login using that computer, then change it back afterwards, so if the password is compromised, it will not be usable after it is changed back.
If you need to login using someone else's computer, there is no certain way to know for certain if there is any form of spying software. Even if it is someone you trust, they could be infected with a virus or a similar nefarious device, and it can be hard to impossible to know if it is infected. Always assume that a nefarious entity will still be able to view/access anything that happens on the computer. Here are a few ways you can try to mitigate the risks.
There is no possible way to ensure that the person's OS is not compromised. You can look at the running processes, examine call stacks, network requests or anything, but spyware programs can be extremely well disguised. The best possible solution is to boot from a live USB stick using a linux distribution such as Ubuntu, puppy linux or Kali linux. This means that you should have full control of the software running on the computer, although a determined hacker could insert malicious code into the BIOS or bootloader of the computer, changing the actual code of the operating system.
Mitigation of Hardware based vulnerabilities
- Check the cable between the computer and the display. A device can be inserted in between them allowing a hacker to see the display output.
- Avoid using a wireless keyboard or mouse. The signal can be intercepted between the transmitter and receiver, exposing keystrokes and mouse movements, even via a separate device.
- Plug any USB devices directly into the motherboard. Don't use a PCIe slot, as the device could be storing/transmitting keystrokes/commands. The same applies to front panel connectors.
- Use a different keyboard, if possible. Devices can take the sounds of individual keys being pressed to decipher which key it was. Unplug any microphones connected to the computer, just in case.
- Look to see if there are any extra PCIe or serial port devices plugged in. Ensure only the required ones are plugged in, just in case.
Software methods of decreasing the risk
- Ensure you connect to a secured WiFi network, or ethernet, if you know it is safe. It is probably better to use mobile data, and a mobile hotspot, if possible, so you don't have to rely on their internet connection. Use a USB cable as well, if possible, so you don't run the risk of an alternative WiFi connection intercepting the signal instead.
- Use SSL. This is obvious, but you must ensure the certificate authority is the one that you would expect to see, as it is possible for an entity to insert a self-signed certificate into the chain.
The last thing is that you should, if possible, temporarily change your password (maybe using your phone) while you login using that computer, then change it back afterwards, so if the password is compromised, it will not be usable after it is changed back.
answered Dec 1 at 10:12
Theoremiser
1413
1413
add a comment |
add a comment |
The best way to protect yourself is to tell the person that you are not comfortable entering your password at their computer.
If you have probable cause or general paranoia then do not perform unsafe actions.
Expecting to thoroughly detect and/or mitigate all threat models in a matter of seconds is ludicrous.
What is the threat model anyways?
- Do you not trust the person?
- Do you not trust the computer?
- Are you trying to prevent their access from the particular website which you are logging in to?
- Are you trying to prevent the discovery of your password because you reuse it for a hundred other services such as personal banking?
- Are you simply trying to figure out a universal way to not be compromised regardless of which foreign computer you encounter in the future?
- Are you trying to prevent the details of the post-login screen from being recorded? You may wish to sweep the area for any hidden video recording devices in the ceiling.
I think the OP is worrying about foreign immigration officers asking him to show his social media
– usr-local-ΕΨΗΕΛΩΝ
Dec 3 at 8:26
add a comment |
The best way to protect yourself is to tell the person that you are not comfortable entering your password at their computer.
If you have probable cause or general paranoia then do not perform unsafe actions.
Expecting to thoroughly detect and/or mitigate all threat models in a matter of seconds is ludicrous.
What is the threat model anyways?
- Do you not trust the person?
- Do you not trust the computer?
- Are you trying to prevent their access from the particular website which you are logging in to?
- Are you trying to prevent the discovery of your password because you reuse it for a hundred other services such as personal banking?
- Are you simply trying to figure out a universal way to not be compromised regardless of which foreign computer you encounter in the future?
- Are you trying to prevent the details of the post-login screen from being recorded? You may wish to sweep the area for any hidden video recording devices in the ceiling.
I think the OP is worrying about foreign immigration officers asking him to show his social media
– usr-local-ΕΨΗΕΛΩΝ
Dec 3 at 8:26
add a comment |
The best way to protect yourself is to tell the person that you are not comfortable entering your password at their computer.
If you have probable cause or general paranoia then do not perform unsafe actions.
Expecting to thoroughly detect and/or mitigate all threat models in a matter of seconds is ludicrous.
What is the threat model anyways?
- Do you not trust the person?
- Do you not trust the computer?
- Are you trying to prevent their access from the particular website which you are logging in to?
- Are you trying to prevent the discovery of your password because you reuse it for a hundred other services such as personal banking?
- Are you simply trying to figure out a universal way to not be compromised regardless of which foreign computer you encounter in the future?
- Are you trying to prevent the details of the post-login screen from being recorded? You may wish to sweep the area for any hidden video recording devices in the ceiling.
The best way to protect yourself is to tell the person that you are not comfortable entering your password at their computer.
If you have probable cause or general paranoia then do not perform unsafe actions.
Expecting to thoroughly detect and/or mitigate all threat models in a matter of seconds is ludicrous.
What is the threat model anyways?
- Do you not trust the person?
- Do you not trust the computer?
- Are you trying to prevent their access from the particular website which you are logging in to?
- Are you trying to prevent the discovery of your password because you reuse it for a hundred other services such as personal banking?
- Are you simply trying to figure out a universal way to not be compromised regardless of which foreign computer you encounter in the future?
- Are you trying to prevent the details of the post-login screen from being recorded? You may wish to sweep the area for any hidden video recording devices in the ceiling.
edited Dec 3 at 13:54
answered Nov 30 at 14:01
MonkeyZeus
288210
288210
I think the OP is worrying about foreign immigration officers asking him to show his social media
– usr-local-ΕΨΗΕΛΩΝ
Dec 3 at 8:26
add a comment |
I think the OP is worrying about foreign immigration officers asking him to show his social media
– usr-local-ΕΨΗΕΛΩΝ
Dec 3 at 8:26
I think the OP is worrying about foreign immigration officers asking him to show his social media
– usr-local-ΕΨΗΕΛΩΝ
Dec 3 at 8:26
I think the OP is worrying about foreign immigration officers asking him to show his social media
– usr-local-ΕΨΗΕΛΩΝ
Dec 3 at 8:26
add a comment |
You don't specify whether you need to login via someone's computer because you:
- Need their OS/software, e.g. you are setting up / fixing someone's computer and you need to fetch some data from your private server.
- Need their hardware (e.g. you are allowed network access based on their MAC address or other factors that exist only on the machine you want to use.
- Need their network (e.g. you need to be inside their LAN, but with your own device)
- Don't need their network or device at all, it is just convenient for you to use their computer.
The optimal way of addressing these concerns is, in the reverse order:
Case 4. Bring your laptop/phone/tablet and use 3G/4G connection to access the internet. Done.
Case 3. Bring your laptop, properly secure it (antivirus, firewall, etc), plug it into their network. Done.
Case 2. Inspect their hardware for any hardware loggers, boot your own OS (some kind of live distribution). If you missed the hardware logger, you have the problem.
Case 1. Also helps with Case 2.
a) Require Administrator/root access.
b) Enable firewall, set it to paranoidly strict mode, allow only connections to your target server.
c) Change your access password via your 3G/4G phone to something temporary,
d) Access the server, use 2FA
e) delete the traces (cookies, any temporary files that could hide credentials, unique IDs,tc)
f) Change password back via your 3G/4G phone
g) Set the firewall back to normal.
Now firewall may be compromised as well by a rootkit, so for more paranoid, or in case you don't get Admin/root access:
a) Build your custom router using Raspberry Pi or similar device, add additional ethernet port using Ethernet2USB adapter. (of course, really security conscious pro would have Linux on their laptop anyway, so just add Ethernet2USB port and proceed without Raspberry.
b) Plug their computer into your Raspberry, get the MAC address, clone it to the other (outbound) side.
c) Set up strict routing and firewall on the Linux, allow only access to your server, and route one NIC to another.
d) Set up MITM sniffing and install your certificate to your server on their machine. Your certificate is MITM certificate, the fake one you generated!
e) Proceed as in previously described in 1c) and on.
f) Log any bloody byte that traverses your mini router so you can confront them if they try something nasty.
The reasoning behind this suggestion is that the host computer probably does not have the full suite of tools to attack your account. Keylogger will log the keys to your temporary password, but will be unable to forward the data to the bad guy sitting in the other room. If it does and tries to hack your server, you will have any hack attempt logged in plaintext, any you can either confront them or undo the damage (they changed the plaintext, but you have logged the change!). Note hat only your server will be available to their computer in the critical time, so either their computer tries hacking solo, or nothing will happen.
I would appreciate feedback on that route, if I perhaps missed something.
add a comment |
You don't specify whether you need to login via someone's computer because you:
- Need their OS/software, e.g. you are setting up / fixing someone's computer and you need to fetch some data from your private server.
- Need their hardware (e.g. you are allowed network access based on their MAC address or other factors that exist only on the machine you want to use.
- Need their network (e.g. you need to be inside their LAN, but with your own device)
- Don't need their network or device at all, it is just convenient for you to use their computer.
The optimal way of addressing these concerns is, in the reverse order:
Case 4. Bring your laptop/phone/tablet and use 3G/4G connection to access the internet. Done.
Case 3. Bring your laptop, properly secure it (antivirus, firewall, etc), plug it into their network. Done.
Case 2. Inspect their hardware for any hardware loggers, boot your own OS (some kind of live distribution). If you missed the hardware logger, you have the problem.
Case 1. Also helps with Case 2.
a) Require Administrator/root access.
b) Enable firewall, set it to paranoidly strict mode, allow only connections to your target server.
c) Change your access password via your 3G/4G phone to something temporary,
d) Access the server, use 2FA
e) delete the traces (cookies, any temporary files that could hide credentials, unique IDs,tc)
f) Change password back via your 3G/4G phone
g) Set the firewall back to normal.
Now firewall may be compromised as well by a rootkit, so for more paranoid, or in case you don't get Admin/root access:
a) Build your custom router using Raspberry Pi or similar device, add additional ethernet port using Ethernet2USB adapter. (of course, really security conscious pro would have Linux on their laptop anyway, so just add Ethernet2USB port and proceed without Raspberry.
b) Plug their computer into your Raspberry, get the MAC address, clone it to the other (outbound) side.
c) Set up strict routing and firewall on the Linux, allow only access to your server, and route one NIC to another.
d) Set up MITM sniffing and install your certificate to your server on their machine. Your certificate is MITM certificate, the fake one you generated!
e) Proceed as in previously described in 1c) and on.
f) Log any bloody byte that traverses your mini router so you can confront them if they try something nasty.
The reasoning behind this suggestion is that the host computer probably does not have the full suite of tools to attack your account. Keylogger will log the keys to your temporary password, but will be unable to forward the data to the bad guy sitting in the other room. If it does and tries to hack your server, you will have any hack attempt logged in plaintext, any you can either confront them or undo the damage (they changed the plaintext, but you have logged the change!). Note hat only your server will be available to their computer in the critical time, so either their computer tries hacking solo, or nothing will happen.
I would appreciate feedback on that route, if I perhaps missed something.
add a comment |
You don't specify whether you need to login via someone's computer because you:
- Need their OS/software, e.g. you are setting up / fixing someone's computer and you need to fetch some data from your private server.
- Need their hardware (e.g. you are allowed network access based on their MAC address or other factors that exist only on the machine you want to use.
- Need their network (e.g. you need to be inside their LAN, but with your own device)
- Don't need their network or device at all, it is just convenient for you to use their computer.
The optimal way of addressing these concerns is, in the reverse order:
Case 4. Bring your laptop/phone/tablet and use 3G/4G connection to access the internet. Done.
Case 3. Bring your laptop, properly secure it (antivirus, firewall, etc), plug it into their network. Done.
Case 2. Inspect their hardware for any hardware loggers, boot your own OS (some kind of live distribution). If you missed the hardware logger, you have the problem.
Case 1. Also helps with Case 2.
a) Require Administrator/root access.
b) Enable firewall, set it to paranoidly strict mode, allow only connections to your target server.
c) Change your access password via your 3G/4G phone to something temporary,
d) Access the server, use 2FA
e) delete the traces (cookies, any temporary files that could hide credentials, unique IDs,tc)
f) Change password back via your 3G/4G phone
g) Set the firewall back to normal.
Now firewall may be compromised as well by a rootkit, so for more paranoid, or in case you don't get Admin/root access:
a) Build your custom router using Raspberry Pi or similar device, add additional ethernet port using Ethernet2USB adapter. (of course, really security conscious pro would have Linux on their laptop anyway, so just add Ethernet2USB port and proceed without Raspberry.
b) Plug their computer into your Raspberry, get the MAC address, clone it to the other (outbound) side.
c) Set up strict routing and firewall on the Linux, allow only access to your server, and route one NIC to another.
d) Set up MITM sniffing and install your certificate to your server on their machine. Your certificate is MITM certificate, the fake one you generated!
e) Proceed as in previously described in 1c) and on.
f) Log any bloody byte that traverses your mini router so you can confront them if they try something nasty.
The reasoning behind this suggestion is that the host computer probably does not have the full suite of tools to attack your account. Keylogger will log the keys to your temporary password, but will be unable to forward the data to the bad guy sitting in the other room. If it does and tries to hack your server, you will have any hack attempt logged in plaintext, any you can either confront them or undo the damage (they changed the plaintext, but you have logged the change!). Note hat only your server will be available to their computer in the critical time, so either their computer tries hacking solo, or nothing will happen.
I would appreciate feedback on that route, if I perhaps missed something.
You don't specify whether you need to login via someone's computer because you:
- Need their OS/software, e.g. you are setting up / fixing someone's computer and you need to fetch some data from your private server.
- Need their hardware (e.g. you are allowed network access based on their MAC address or other factors that exist only on the machine you want to use.
- Need their network (e.g. you need to be inside their LAN, but with your own device)
- Don't need their network or device at all, it is just convenient for you to use their computer.
The optimal way of addressing these concerns is, in the reverse order:
Case 4. Bring your laptop/phone/tablet and use 3G/4G connection to access the internet. Done.
Case 3. Bring your laptop, properly secure it (antivirus, firewall, etc), plug it into their network. Done.
Case 2. Inspect their hardware for any hardware loggers, boot your own OS (some kind of live distribution). If you missed the hardware logger, you have the problem.
Case 1. Also helps with Case 2.
a) Require Administrator/root access.
b) Enable firewall, set it to paranoidly strict mode, allow only connections to your target server.
c) Change your access password via your 3G/4G phone to something temporary,
d) Access the server, use 2FA
e) delete the traces (cookies, any temporary files that could hide credentials, unique IDs,tc)
f) Change password back via your 3G/4G phone
g) Set the firewall back to normal.
Now firewall may be compromised as well by a rootkit, so for more paranoid, or in case you don't get Admin/root access:
a) Build your custom router using Raspberry Pi or similar device, add additional ethernet port using Ethernet2USB adapter. (of course, really security conscious pro would have Linux on their laptop anyway, so just add Ethernet2USB port and proceed without Raspberry.
b) Plug their computer into your Raspberry, get the MAC address, clone it to the other (outbound) side.
c) Set up strict routing and firewall on the Linux, allow only access to your server, and route one NIC to another.
d) Set up MITM sniffing and install your certificate to your server on their machine. Your certificate is MITM certificate, the fake one you generated!
e) Proceed as in previously described in 1c) and on.
f) Log any bloody byte that traverses your mini router so you can confront them if they try something nasty.
The reasoning behind this suggestion is that the host computer probably does not have the full suite of tools to attack your account. Keylogger will log the keys to your temporary password, but will be unable to forward the data to the bad guy sitting in the other room. If it does and tries to hack your server, you will have any hack attempt logged in plaintext, any you can either confront them or undo the damage (they changed the plaintext, but you have logged the change!). Note hat only your server will be available to their computer in the critical time, so either their computer tries hacking solo, or nothing will happen.
I would appreciate feedback on that route, if I perhaps missed something.
answered Dec 3 at 18:32
xmp125a
40714
40714
add a comment |
add a comment |
In theory, if the site doesn't provide you a better way to do this, there is still a way: login on a device that is under your control, and transfer the session cookie you receive from that device to the untrusted computer. This will allow the untrusted computer to perform any operation you can perform on the site once logged in, but unless the site has fatally bad security design, it will not allow the untrusted computer to change your password, change the email address associated with the account, or perform other account-takeover operations.
Once you're done, you can use the trusted device you control to log out its session cookie (which you copied from it) by performing the logout operation there, or perform a "logout all devices" operation if the site provides such a feature.
Note that under this scheme, your password is never entered on the untrusted computer, and thereby it has no means of recording/capturing it. At best it can capture the session cookie, which you will invalidate by logging out using the trusted device once you're done.
add a comment |
In theory, if the site doesn't provide you a better way to do this, there is still a way: login on a device that is under your control, and transfer the session cookie you receive from that device to the untrusted computer. This will allow the untrusted computer to perform any operation you can perform on the site once logged in, but unless the site has fatally bad security design, it will not allow the untrusted computer to change your password, change the email address associated with the account, or perform other account-takeover operations.
Once you're done, you can use the trusted device you control to log out its session cookie (which you copied from it) by performing the logout operation there, or perform a "logout all devices" operation if the site provides such a feature.
Note that under this scheme, your password is never entered on the untrusted computer, and thereby it has no means of recording/capturing it. At best it can capture the session cookie, which you will invalidate by logging out using the trusted device once you're done.
add a comment |
In theory, if the site doesn't provide you a better way to do this, there is still a way: login on a device that is under your control, and transfer the session cookie you receive from that device to the untrusted computer. This will allow the untrusted computer to perform any operation you can perform on the site once logged in, but unless the site has fatally bad security design, it will not allow the untrusted computer to change your password, change the email address associated with the account, or perform other account-takeover operations.
Once you're done, you can use the trusted device you control to log out its session cookie (which you copied from it) by performing the logout operation there, or perform a "logout all devices" operation if the site provides such a feature.
Note that under this scheme, your password is never entered on the untrusted computer, and thereby it has no means of recording/capturing it. At best it can capture the session cookie, which you will invalidate by logging out using the trusted device once you're done.
In theory, if the site doesn't provide you a better way to do this, there is still a way: login on a device that is under your control, and transfer the session cookie you receive from that device to the untrusted computer. This will allow the untrusted computer to perform any operation you can perform on the site once logged in, but unless the site has fatally bad security design, it will not allow the untrusted computer to change your password, change the email address associated with the account, or perform other account-takeover operations.
Once you're done, you can use the trusted device you control to log out its session cookie (which you copied from it) by performing the logout operation there, or perform a "logout all devices" operation if the site provides such a feature.
Note that under this scheme, your password is never entered on the untrusted computer, and thereby it has no means of recording/capturing it. At best it can capture the session cookie, which you will invalidate by logging out using the trusted device once you're done.
answered Dec 3 at 3:29
R..
4,54711418
4,54711418
add a comment |
add a comment |
If you trust that person, go ahead and use their computer. Consider creating a separate browser profile which you can wipe clean after you're done without erasing that person's cookies / settings / whatever. Take note of any attachments you download so that you can remove these as well. Don't just open attached files, unless you want to play detective figuring out which of the possible "temp" locations was used to store them. And avoid manipulating any sensitive data which is not related to the purpose forcing you to use someone else's computer.
If you don't trust the person, don't use their computer. There's no way of securing an unknown computer 100%, and even less so without doing things which will make the other person suspect that you're trying to hack them. At which point you will probably be denied to use their computer anyway.
4
I trust my grandmother. I do not trust that her computer is clean.
– schroeder♦
Dec 3 at 13:49
add a comment |
If you trust that person, go ahead and use their computer. Consider creating a separate browser profile which you can wipe clean after you're done without erasing that person's cookies / settings / whatever. Take note of any attachments you download so that you can remove these as well. Don't just open attached files, unless you want to play detective figuring out which of the possible "temp" locations was used to store them. And avoid manipulating any sensitive data which is not related to the purpose forcing you to use someone else's computer.
If you don't trust the person, don't use their computer. There's no way of securing an unknown computer 100%, and even less so without doing things which will make the other person suspect that you're trying to hack them. At which point you will probably be denied to use their computer anyway.
4
I trust my grandmother. I do not trust that her computer is clean.
– schroeder♦
Dec 3 at 13:49
add a comment |
If you trust that person, go ahead and use their computer. Consider creating a separate browser profile which you can wipe clean after you're done without erasing that person's cookies / settings / whatever. Take note of any attachments you download so that you can remove these as well. Don't just open attached files, unless you want to play detective figuring out which of the possible "temp" locations was used to store them. And avoid manipulating any sensitive data which is not related to the purpose forcing you to use someone else's computer.
If you don't trust the person, don't use their computer. There's no way of securing an unknown computer 100%, and even less so without doing things which will make the other person suspect that you're trying to hack them. At which point you will probably be denied to use their computer anyway.
If you trust that person, go ahead and use their computer. Consider creating a separate browser profile which you can wipe clean after you're done without erasing that person's cookies / settings / whatever. Take note of any attachments you download so that you can remove these as well. Don't just open attached files, unless you want to play detective figuring out which of the possible "temp" locations was used to store them. And avoid manipulating any sensitive data which is not related to the purpose forcing you to use someone else's computer.
If you don't trust the person, don't use their computer. There's no way of securing an unknown computer 100%, and even less so without doing things which will make the other person suspect that you're trying to hack them. At which point you will probably be denied to use their computer anyway.
answered Dec 3 at 12:45
Dmitry Grigoryev
7,3801940
7,3801940
4
I trust my grandmother. I do not trust that her computer is clean.
– schroeder♦
Dec 3 at 13:49
add a comment |
4
I trust my grandmother. I do not trust that her computer is clean.
– schroeder♦
Dec 3 at 13:49
4
4
I trust my grandmother. I do not trust that her computer is clean.
– schroeder♦
Dec 3 at 13:49
I trust my grandmother. I do not trust that her computer is clean.
– schroeder♦
Dec 3 at 13:49
add a comment |
Although there are a number of good and awesome answers, i believe this radical "answer" is missing out:
If you are concerned about security, you probably use a password manager as well. I always generate a random and very difficult password. On other computers I probably don't have the software nor the file where my passwords are stored in (I use keepass).
I do have this file stored in a cloud solution but on logging in it also requires a separate file which I only have locally on my trusted devices.
So you might understand what hassle I have to go through before I am actually logged in on the other untrusted device. Which actually prevents me from doing so in the first place.
So if I am forced to login: "I don't know my password".
You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
– Kolappan Nathan
Dec 4 at 9:08
1
This is an anti-answer. The premise is that user must log in.
– schroeder♦
Dec 4 at 9:26
add a comment |
Although there are a number of good and awesome answers, i believe this radical "answer" is missing out:
If you are concerned about security, you probably use a password manager as well. I always generate a random and very difficult password. On other computers I probably don't have the software nor the file where my passwords are stored in (I use keepass).
I do have this file stored in a cloud solution but on logging in it also requires a separate file which I only have locally on my trusted devices.
So you might understand what hassle I have to go through before I am actually logged in on the other untrusted device. Which actually prevents me from doing so in the first place.
So if I am forced to login: "I don't know my password".
You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
– Kolappan Nathan
Dec 4 at 9:08
1
This is an anti-answer. The premise is that user must log in.
– schroeder♦
Dec 4 at 9:26
add a comment |
Although there are a number of good and awesome answers, i believe this radical "answer" is missing out:
If you are concerned about security, you probably use a password manager as well. I always generate a random and very difficult password. On other computers I probably don't have the software nor the file where my passwords are stored in (I use keepass).
I do have this file stored in a cloud solution but on logging in it also requires a separate file which I only have locally on my trusted devices.
So you might understand what hassle I have to go through before I am actually logged in on the other untrusted device. Which actually prevents me from doing so in the first place.
So if I am forced to login: "I don't know my password".
Although there are a number of good and awesome answers, i believe this radical "answer" is missing out:
If you are concerned about security, you probably use a password manager as well. I always generate a random and very difficult password. On other computers I probably don't have the software nor the file where my passwords are stored in (I use keepass).
I do have this file stored in a cloud solution but on logging in it also requires a separate file which I only have locally on my trusted devices.
So you might understand what hassle I have to go through before I am actually logged in on the other untrusted device. Which actually prevents me from doing so in the first place.
So if I am forced to login: "I don't know my password".
answered Dec 4 at 9:00
CularBytes
1092
1092
You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
– Kolappan Nathan
Dec 4 at 9:08
1
This is an anti-answer. The premise is that user must log in.
– schroeder♦
Dec 4 at 9:26
add a comment |
You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
– Kolappan Nathan
Dec 4 at 9:08
1
This is an anti-answer. The premise is that user must log in.
– schroeder♦
Dec 4 at 9:26
You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
– Kolappan Nathan
Dec 4 at 9:08
You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
– Kolappan Nathan
Dec 4 at 9:08
1
1
This is an anti-answer. The premise is that user must log in.
– schroeder♦
Dec 4 at 9:26
This is an anti-answer. The premise is that user must log in.
– schroeder♦
Dec 4 at 9:26
add a comment |
When you suspect the system is keylogged you would need to be able to interrupt that process to do what you are asking.
That might be a visible process though - so if it's mission critical try finding that process or creating another user account with an encrypted terminal in a sandbox to see if you can avoid logging that way - i.e. Linux with encrypted home folder & swap as an example.
1
How would a sandboxed process or an encrypted home directory defeat keylogging?
– forest
Nov 30 at 7:23
I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
– user192527
Nov 30 at 7:25
If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
– forest
Nov 30 at 7:27
I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
– user192527
Nov 30 at 7:36
1
There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
– David Conrad
Dec 1 at 17:16
|
show 2 more comments
When you suspect the system is keylogged you would need to be able to interrupt that process to do what you are asking.
That might be a visible process though - so if it's mission critical try finding that process or creating another user account with an encrypted terminal in a sandbox to see if you can avoid logging that way - i.e. Linux with encrypted home folder & swap as an example.
1
How would a sandboxed process or an encrypted home directory defeat keylogging?
– forest
Nov 30 at 7:23
I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
– user192527
Nov 30 at 7:25
If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
– forest
Nov 30 at 7:27
I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
– user192527
Nov 30 at 7:36
1
There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
– David Conrad
Dec 1 at 17:16
|
show 2 more comments
When you suspect the system is keylogged you would need to be able to interrupt that process to do what you are asking.
That might be a visible process though - so if it's mission critical try finding that process or creating another user account with an encrypted terminal in a sandbox to see if you can avoid logging that way - i.e. Linux with encrypted home folder & swap as an example.
When you suspect the system is keylogged you would need to be able to interrupt that process to do what you are asking.
That might be a visible process though - so if it's mission critical try finding that process or creating another user account with an encrypted terminal in a sandbox to see if you can avoid logging that way - i.e. Linux with encrypted home folder & swap as an example.
answered Nov 30 at 7:03
user192527
1
How would a sandboxed process or an encrypted home directory defeat keylogging?
– forest
Nov 30 at 7:23
I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
– user192527
Nov 30 at 7:25
If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
– forest
Nov 30 at 7:27
I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
– user192527
Nov 30 at 7:36
1
There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
– David Conrad
Dec 1 at 17:16
|
show 2 more comments
1
How would a sandboxed process or an encrypted home directory defeat keylogging?
– forest
Nov 30 at 7:23
I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
– user192527
Nov 30 at 7:25
If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
– forest
Nov 30 at 7:27
I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
– user192527
Nov 30 at 7:36
1
There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
– David Conrad
Dec 1 at 17:16
1
1
How would a sandboxed process or an encrypted home directory defeat keylogging?
– forest
Nov 30 at 7:23
How would a sandboxed process or an encrypted home directory defeat keylogging?
– forest
Nov 30 at 7:23
I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
– user192527
Nov 30 at 7:25
I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
– user192527
Nov 30 at 7:25
If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
– forest
Nov 30 at 7:27
If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
– forest
Nov 30 at 7:27
I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
– user192527
Nov 30 at 7:36
I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
– user192527
Nov 30 at 7:36
1
1
There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
– David Conrad
Dec 1 at 17:16
There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
– David Conrad
Dec 1 at 17:16
|
show 2 more comments
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198726%2fsecure-way-to-log-in-to-a-website-on-someone-elses-computer%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
9
Can you create a virtual machine on their box?
– DarkMatter
Nov 29 at 16:46
5
@DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
– today
Nov 29 at 16:50
5
it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
– DarkMatter
Nov 29 at 17:25
39
A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
– reed
Nov 29 at 18:17
3
Remember: Once you've lost physical control of the device, all bets are off.
– Marc.2377
Dec 1 at 4:12