Add mouse based login to avoid keyloggers
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gdm |
New
|
Undecided
|
Unassigned | ||
| gdm (Ubuntu) |
Confirmed
|
Wishlist
|
Unassigned | ||
Bug Description
Key loggers (hardware and software) can easily compromise security. I recently saw one way to thwart key loggers on a secure website. Instead of typing in a user name and password, I had to click it in with my mouse using a virtual keyboard. As added security, the placement of letters and numbers were randomized. So even if the location of my clicks was also recorded, it wouldn't be useful because it would never be the same placement twice. I suggest that any time Ubuntu asks for a password, a virtual scrambled keyboard be an input option. Extending this capability to other applications (like a web browser) would be awesome. This way, if I suspect my machine is compromised or I'm using some else's computer, I can guarantee password security.
Unfortunately, I'm not a programmer, but I'd be willing to help anyone interested in this idea.
| Kees Cook (kees) wrote | #1 |
| Pedro Villavicencio (pedro) wrote | #2 |
| Changed in gdm: | |
| status: | New → Confirmed |
| Sebastien Bacher (seb128) wrote | #3 |
| summary: |
- Thwarting a Key Logger + Add mouse based login to avoid keyloggers |
This has been added to the Security Team's "Wishlist" in the Roadmap: https:/