On-line Banking using Public PC « Aplin Software Forum

Aplin Software Forum » Neo's SafeKeys Forum

On-line Banking using Public PC

(21 posts) (2 voices)

Started 6 months ago by anon_private
Latest reply from anon_private

Tags:

No tags yet.

anon_private
Member

Hi,

I may need to use a public pc when conducting on-line banking.

If I use this software, how secure will I be when making transations, supplying a user name, password, etc.?

Is the software freeware?

Thanks

Posted 6 months ago #
neo
Moderator

Neo's SafeKeys will offer you great protection against keyloggers, screenloggers and clipboard loggers. The safest mode is the 'Hidden Mouse' Mode, where you only use the mouse, and it's hidden as a small grey dot.

I originally developed SafeKeys to do exactly what you want to do - internet banking in Internet cafes. On occasion I still do use it for this, when I need to.

The effectiveness of SafeKeys will depend on how your bank deals with user login matters. Some banks have their own on screen keyboards, that don't allow for dragging and dropping, so you can't use SafeKeys with these.

It's not 100% guaranteed to protect you from EVERYTHING, but should offer you a pretty decent level of security.

And yes, it is freeware.

Posted 6 months ago #
anon_private
Member

Thanks for responding

So providing the bank does not use an on screen keyboard, I should be safe. If it does use such a keyboard, can I take precautions? (account and bank not yet decided.)

I would aim to install Safekeys on a USB stick. Might it be a good idea to install a portable version of Firefox as well, or would this browser be unnecessary?

I am sure that your programme is safe to use, but as a matter of interest can I verify its integrity?

Posted 6 months ago #
anon_private
Member

I have just looked at the download page.

The latest version appeaers to be: 2008 v.2.3.

2008, seems a bit dated?

The portable version is presumably designed to be installed on a stick and used on public pc's.

The install edition is presmably designed to be installed on a home pc.

As a matter of interest, could not the portable version also be installed on a home pc?

Thanks

Ps. Are both compatible with all versions of Windows

PPS. On a different point, perhaps it would be an improvemnet to the postings if a message could be sent to the email addresses of the posters informing them that they have received responses.

Posted 6 months ago #
neo
Moderator

Regarding banking, and doing banking on public PCs; portable FireFox is probably not a bad idea. Make sure you have secure connections (httpS://) wherever you can, and SafeKeys will protect you against keyloggers when using the mouse-only modes.
You may be interested in looking into Xerobank (http://xerobank.com/)

Regarding the versioning:
Any version can be used anywhere - the only difference is that the install version places items in the Start->Programs menu. The core program is the same.

Regarding Windows versions:
Neo's SafeKeys should work fine on any version of Windows, from XP to Windows 7.

Regarding "2008" version:
It was first released in 2008- but has had improvements since then. You'll see this on the version page (http://www.aplin.com.au/?page_id=416).
I am currently working on a new version, which will be the safest yet.

Posted 6 months ago #
anon_private
Member

Thanks for responding.

The safest mode of operation appears to be 'Hidden Mouse and Hover Entry', do you agree?

Does 'Safekeys' access the Internet? If so, can it be blocked from doing this without problems?

If users decide to uninstall the programme, does the file come with an uninstall facility. If not, what would be the best method of uninstalling the programme?

On reading the article ' Hide Password in amongst random charcters'. I did not understand how the computer could recognise the password amongst the list of charcters: (ref....'most keyloggers will log some thing like: re407 etc.)

Thanks in advance.

A

Posted 6 months ago #
anon_private
Member

I had a look at xerobank.

It seems to be a system for anonymising internet use.

Is this an advantage when banking on-line?

I think that xerobank is a commercial service. I believe that there are other free anonymising services available on-line. In addition, it looks like one is constrained to use their browser, rather that a browser chosen by the user.

Best wishes.

A

Posted 6 months ago #
neo
Moderator

Hi A,

The safest mode is the 'Hidden Mouse and Hover Entry'.
The 'Hide Password in amongst random charcters' mode works by SafeKeys 'pressing' random keystrokes. Therefore SafeKeys knows the difference between the keystrokes you make and the randomly generated ones.
Do note that this will NOT fool hardware keyloggers, which is why the mouse-only entry modes are safer.

SafeKeys does not connect to the internet at all. It does not store any of your information and does not transmit anything anywhere. So yes - you can block internet access...it doesn't use any!

Uninstallation is really easy - just go to the add/remove programs section in the Control Panel.

Yes, there are different variations on the Xerobank service. Tor is one of them.
The idea is that your traffic is not being routed through the internet cafe - it's going through the anonomysing service instead.

Posted 6 months ago #
anon_private
Member

Just a point about anonymisation.

If someone is conducting Internet banking, then a snooper will be interested in the data produced in order to attempt a hack. Is anonymity important? In other words, does it matter if the snooper knows anything about the connection since he, the snooper, will only be interested in the data produced so that he can gain access to the account. Hence the importance of Safekeys.

If anonymity is a good idea, then the set-up on a USB stick for Intenet banking on a public pc could be as follows:

Safekeys;
Firefox;
and some form of anonymisation. 'JonDo' looks promising (can use any browser).

Hopefully all three will work well together under Vista (Home Premium), 32 bit.

Thanks

A

Posted 6 months ago #
anon_private
Member

Just a thought.

If one only had Safekeys installed on a USB stick and then used the programme in association with the public access browser, and not using anonymisation facilities, then how safe would the banker be regarding security of transactions and other data?

Thanks

Posted 6 months ago #
neo
Moderator

If one only had Safekeys installed on a USB stick and then used the programme in association with the public access browser, and not using anonymisation facilities, then how safe would the banker be regarding security of transactions and other data?

It's really hard to quantify, but using SafeKeys does give you pretty good protection alone (so long as your bank uses https).

Posted 6 months ago #
anon_private
Member

Hi, I have just tried Safekeys.

A few points.

I find the 'Mouse Mode': Hover and Hidden difficullt to use, but find Hover Entry much easier. Is this secure enough?

Should the keybord mode be anabled? If so, which option do you recommend?

Options: Should the password be kept after drag and drop?

Show/hide the password masking. Which option do you recommend?

Hiding password among random character? Seems like a good idea. Should this option be recommended?

What is the idea behind beep on hover entry?

I can't see the programme in my firewall (McAfee). I think that it should be detected?

Posted 6 months ago #
anon_private
Member

Just tried: 'Hiding password among random characters.'
When this option is enabled the entry box seems to enter many characters and I can't see what I am doing. How is this function used? The programme then reverts to standard mode.

Posted 6 months ago #
neo
Moderator

From the features page: (http://www.aplin.com.au/?page_id=349)

When enabled, the Neo’s SafeKeys will get the comptuer to automatically type random characters into the password box. This way you can type your password on your keyboard, and it will be hidden (or obsfucated) within random characters. Most keyloggers will only capture a long string of random characters.

When you start the ‘Hide password in amongst random characters’ feature, Neo’s SafeKeys will begin typing random characters. When you stop the ‘Hide password in amongst random characters’ feature, Neo’s SafeKeys will stop typing random characters, and will remove all randomly-typed characters from the password box.

For example, if your password is “password123!”, depending on how fast you type (the slower you type, the more effective this is), most keyloggers will log something like:
“re407f9rtpcfalsls98wmozrb45df8mer1u22xu3iv4wXJ!FC%wfy9dkp1″.

You’ll note that the automatically-generated random characters are not typed at regular intervals; this timing randomisation better hides your actual key presses in amongst the random auto-generated key presses.

Note that whilst this is effective against most keyloggers, kernel and hardware keyloggers will not be fooled. (Tech speak: hardware keyloggers and kernel-based keyloggers will not be affected, as they intercept the keys prior to Windows getting the keystrokes. This is effective against most hook-based keyloggers, as Neo’s SafeKeys 2008 sends the random keystrokes via Windows, and the hook-based keyloggers can’t discern the random from the real keystrokes.)

Hope this helps!

Posted 6 months ago #
anon_private
Member

would you advise randomising both the Safekeys keyboard and the real keyboard?

Is there a security issue in revealing the password in Safekeys, that is removing the mask?

Thanks

Posted 6 months ago #
neo
Moderator

I would recommend you use the mouse entry modes only. These are the safest.

As an indication, I have removed the keyboard modes from the forthcoming version, as the mouse modes give much better protection.

Regarding removing the password mark, I would not recommend it, as you open yourself to screen loggers and field scraping.

Posted 6 months ago #
anon_private
Member

Am I right in thinking that generating random characters into the password is not supported in mouse mode. I could not get this to function. On stopping the random generation, everythig was removed? This might be a useful addition.

Another challenge is making it obvious to the user what key is being applied in Hidden Mode, and at the same time ensuring loggers are kept in ignorance. I have noticed that some public pc's, particulalry in libraries, do not support sound (Beep).

Best wishes.

A

Posted 6 months ago #
neo
Moderator

Am I right in thinking that generating random characters into the password is not supported in mouse mode.

That's correct. There is no security benefit to be had by generating random characters while using mouse mode.

Another challenge is making it obvious to the user what key is being applied in Hidden Mode, and at the same time ensuring loggers are kept in ignorance. I have noticed that some public pc's, particulalry in libraries, do not support sound (Beep).

True - sound is the best option, but isn't always available. The libraries near me allow people to use headphones, which would assist.

Posted 6 months ago #
anon_private
Member

Thanks for the response.

When banking using public pc's do you recommend any other packages that can be used with Safekeys that will enhance security? For example, a browser on the USB stick?

Thanks

Posted 6 months ago #
neo
Moderator

At this stage, apart from what has already been discussed in this post, not really.

If you're really interested in security, I suggest you visit http://www.techsupportalert.com (particularly their forum) and the http://www.wilderssecurity.com forum. Some of these people are really knowledgeable on security matters.

Posted 6 months ago #
anon_private
Member

Thank you.

Best wishes.

A

Posted 6 months ago #

RSS feed for this topic

Reply

You must log in to post.