Onscreen Keyboard Password Input

Involved Joined: Apr 06, 2008 Posts: 484

I was on my online banking set up and noticed they have upgraded there security with new features and thought it could be used somehow in RN.Now this is just a thought so bare with me.

I have provided an image to show you as well as a complete working example.

Image:

Working Example:
http://www.mediafire.com/?whj2fyigzfz

basically the password is input via the js keyboard,Is this helpfull in anyway or just a waste of time?
Maybe when you click the admin link of your site a popup or login would display this keyboard.

Posted: Fri Feb 20, 2009 7:53 pm

Interesting.

Posted: Sat Feb 21, 2009 12:37 am

Would make it harder, but not impossible to subvert. Since JavaScript runs on the client-side, it would be hard to validate whether input is coming from the place you intend

Worker Joined: Oct 26, 2004 Posts: 134 Location: Boston

testy1 the same interface can be done in Firefox. I use it, Enter text with a Greasemonkey-powered virtual keyboard. Using a virtual keyboard isn't an absolute guarantee against having your login and password lifted—thieves can be rather resourceful, of course—but it is a good defense against hardware and basic software key-loggers. Virtual Keyboard Interface is a Greasemonkey script.

Greasemonkey Plugin For Firefox here https://addons.mozilla.org/en-US/firefox/addon/748

About virtual keyboard here http://userscripts.org/scripts/show/10974

Source Code here
http://userscripts.org/scripts/review/10974

Posted: Sat Feb 21, 2009 1:31 pm

Just a general caution with regards to Greasemonkey folks (not saying this to you Unit1, but to folks who may not know its full use). Be extremely careful as to what scripts you download/accept to be used with it. As always, know exactly what it is you are downloading and installing before you finally commit to going "all the way". Very powerful tool in the hands of a security analyst and hackers alike, with a few other "gems" like what Unit1 has found.

Posted: Sat Feb 21, 2009 2:55 pm

montego wrote:

Just a general caution with regards to Greasemonkey folks (not saying this to you Unit1, but to folks who may not know its full use). Be extremely careful as to what scripts you download/accept to be used with it. As always, know exactly what it is you are downloading and installing before you finally commit to going "all the way". Very powerful tool in the hands of a security analyst and hackers alike, with a few other "gems" like what Unit1 has found.

Thanks for the extra info montego Very Happy

Just goes to show everyone how you all are willing to take time out from your life to keep us up to date with the info we need to be safe. RavensScripts

Posted: Sat Feb 21, 2009 6:08 pm

Unit1 wrote:

testy1 the same interface can be done in Firefox. I use it, Enter text with a Greasemonkey-powered virtual keyboard. Using a virtual keyboard isn't an absolute guarantee against having your login and password lifted—thieves can be rather resourceful, of course—but it is a good defense against hardware and basic software key-loggers. Virtual Keyboard Interface is a Greasemonkey script.

Greasemonkey Plugin For Firefox here https://addons.mozilla.org/en-US/firefox/addon/748

About virtual keyboard here http://userscripts.org/scripts/show/10974

Source Code here
http://userscripts.org/scripts/review/10974

There is no absolute guarantee but this is different to grease monkey, grease monkey is just an enhancement

Posted: Mon Feb 23, 2009 6:07 am

Let me be clear. It absolutely is the same FireFox add-on and you need to be extremely careful which user scripts you allow it to load in! Trust me. This thing has its roots within the security analysis and hacker world. A script run through Greasemonkey can do pretty much anything it wants to do. I am just saying, know what it is you load into it.

Posted: Mon Feb 23, 2009 7:44 am

sorry I should have been clearer.....

I meant it wasn't through grease monkey it is actually hard coded...But I also know what your saying, If that makes any more sense Sad

Posted: Mon Feb 23, 2009 11:02 am

montego wrote:

Let me be clear. It absolutely is the same FireFox add-on and you need to be extremely careful which user scripts you allow it to load in! Trust me. This thing has its roots within the security analysis and hacker world. A script run through Greasemonkey can do pretty much anything it wants to do. I am just saying, know what it is you load into it.

So from your point the one I am using is it safe? I hate to post something here and come to find out I posted something that should not be used?

Posted: Mon Feb 23, 2009 4:08 pm

To be honest I dont like using grease monkey as you can never really trust the author of the plugins.All I am saying is the one I was testing was hard coded javascript file which is really no different to any other script you run on your site.

I don't no enough about grease monkey but have heard some stories so I choose to stay away from it altogether.Montego could probably fill you in a little more.

Posted: Mon Feb 23, 2009 6:03 pm

Well, I don't have time, unfortunately, to review GreaseMonkey scripts. Sorry. I was just serving the community at large with a warning just to be careful with it and especially others' scripts. Also be aware that I believe there is an auto-run/load type feature, that if you are not careful, and visit a site with the malicious code, you could end up installing/running it. It really is that powerful, and thus, dangerous. I leave it disabled unless I absolutely have a specific need for it.

Posted: Mon Feb 23, 2009 7:28 pm

GreaseMonkey script disabled

Thanks speedtype

Posted: Sun Jun 21, 2009 7:33 pm

I dont think Grease Monkey is a malicious script but it could be others modify it and make it dangerous and that is always u need to know where u download it. I always take GreaseMonkey from the author and I never had anyproblem. Just to mention it.

Posted: Thu Jun 25, 2009 8:09 pm

sexycoder, its not the GreaseMonkey FireFox plug-in that is the problem. It is the wealth of GreaseMonkey scripts that are available for download just about anywhere and everywhere and in some cases, you are unaware that the script you downloaded just automatically ran... there are other such security issues as well. GreaseMonkey is so powerful, that the wrong script at the wrong time with someone who doesn't know any better how to protect themselves could get into some serious hot water.

Enough said from me on this. You have been warned.

Posted: Fri Jun 26, 2009 12:47 am

my input , the virtual keyboard from google.load() Wink

[ Only registered users can see links on this board! Get registered or login! ]

code snippet :

Code:




/*


*  How to setup two keyboards for different textareas.


*/





google.load("elements", "1", {packages: "keyboard"});





function onLoad() {


  var content = document.getElementById('content');


  // Create the HTML for out text area


  content.innerHTML = '<div><i>(Scroll down)</i> ' +


                      'Type Hindi in one textarea and type Arabic in the other.</div>' +


                      '<textarea id="t1" style="width: 300px; ' +


                      'height: 100px;"></textarea> ' +


                      '<textarea id="t2" style="width: 300px; ' +


                      'height: 100px; direction: rtl;"></textarea> ';





  var kbd1 = new google.elements.keyboard.Keyboard(


      [google.elements.keyboard.LayoutCode.HINDI],


      ['t1']);


  var kbd2 = new google.elements.keyboard.Keyboard(


      [google.elements.keyboard.LayoutCode.ARABIC],


      ['t2']);


}





google.setOnLoadCallback(onLoad);

the only problems would be to keep up with google's code and them providing all keyboard set.

the only downside about google.load() is that you rely on their hosting.however I don't see google going down tomorow Wink