How does a password manager protect me if I have a keylogger on my computer?

0

Password managers arguably provide greater security since they allow users to easily create unique, difficult-to-guess passwords for every website they log in to.

But, if someone has a keylogger on their computer, isn't all this security defeated as soon as the user inputs their master password to get into the password manager?

Even if the user implements one-time passwords or two-factor authentication, the password manager still inserts the password of your saved websites in when you log into them (e.g. auto-type in KeePass).

From this, it seems that if you have a keylogger on your computer, you're totally screwed when it comes to passwords...

Or are you?

Egghead99

Posted 2015-01-16T19:59:45.030

Reputation: 1 565

3 In most cases, at least with the browser-implemented solutions, the way the password is transferred into the password field within the browser is very difficult to intercept. Like all things when it comes to security, if your system is already infected, most security precautions are not actually useful. Password managers are solving an entirely different set of problems; preventing your password from being stolen by malware on the machine it resides on isn't one of them. – Ramhound – 2015-01-16T20:10:02.840

A keylogger, by itself, cannot read the password database. However, if there is any malware on the machine, the database may very well be compromised by some other means. – bwDraco – 2015-01-16T21:43:12.017

Answers

0

As pointed out by @G-Man correctly in the comment.

The malware still has to upload the password database. I'm talking about KeePass and derivatives, which store passwords on your PC. If you have a cloud password manager, a keylogger may detect that you are typing www.lastpass.com in your browser, or simply upload data to the malware's owner to guess which cloud service you use.

In general, a computer infected by malware is to be considered totally violated unless proven otherwise. An advanced keylogger might also capture clipboard contents, screen state, etc. You can never prove you have been attacked by a kid's toy or by a complex work of engineering.

usr-local-ΕΨΗΕΛΩΝ

Posted 2015-01-16T19:59:45.030

Reputation: 3 733

-2

Some password managers also give protection against keyloggers, for instance by using keyboard encryption when typing the master password. I don't personally favor visual keyboards, since keyloggers can take hidden screen prints at a rather high frequency.

Cfylyp

Posted 2015-01-16T19:59:45.030

Reputation: 1

-2

Not necessarily. If you had a keylogger, the attacker would get the "master" password to the keylogger system, which in itself might be bad, but based on which one you are using they would have to manually try to see if you have online sync set up, and you may not, which means that you are protected.

So for example I use RoboForm - only the desktop version with no online sync.

You put a keylogger on my system, you are going to get my Passw0rd! for RoboForm, but the transfer of my password for www.chase.com between the browser and RoboForm is still secure. So you can try to guess my email at www.roboform.com and see if I do online sync, but you will fail....

Thus I am still protected

TomEus

Posted 2015-01-16T19:59:45.030

Reputation: 3 355

1 But, if the attacker has enough access to your computer to install the keylogger, he has enough access to read your password manager's encrypted files, so he can use your master password to decrypt the others. Even if he can't access the passwords in the clear, he can clone your entire machine and then log in to your accounts (bank, email, etc.) and do whatever damage he wants. – G-Man Says 'Reinstate Monica' – 2015-01-16T20:26:54.550

It depends on how the keylogger was installed - cloning the whole machine takes hours; in most cases I see, the keyloggers get installed either remotely, thus an entire copy is not feasible, or locally with some quick action like inserting a USB key, executing and removing (insider attack). – TomEus – 2015-01-16T22:39:54.907

-2

Yes, a keylogger can intercept anything typed, which is why high-security apps use the on-screen keyboard, which uses the mouse, touch-pad or touch interface.

DrMoishe Pippik

Posted 2015-01-16T19:59:45.030

Reputation: 13 291