> Bruce Schneier still recommends using copy and paste to transfer passwords from a password manager to the browser
That's just a justification for his password manager which has no other way to transfer passwords. There's no security benefit.
Keyloggers don't literally "log keys." A stream of typed keys with no context is utterly useless. Particularly when the goal is automated data theft (rather than a dedicated attacker targeting you personally).
Most keyloggers are embedded somewhere on the HTTP stack (e.g. browser extensions/plugins, Win32 message hooking (e.g. steal the password from a specifically named element when that element is destroyed), TCP driver, etc).
Why do otherwise intelligent people continue to think that malware literally logs their keys? Even a cursory thought about the subject would flag all kinds of issues and better alternatives.
I strongly suggest everyone with an interest in the topic go grab some malware source code and read. It isn't like it is hard to find.
That's just a justification for his password manager which has no other way to transfer passwords. There's no security benefit.
Keyloggers don't literally "log keys." A stream of typed keys with no context is utterly useless. Particularly when the goal is automated data theft (rather than a dedicated attacker targeting you personally).
Most keyloggers are embedded somewhere on the HTTP stack (e.g. browser extensions/plugins, Win32 message hooking (e.g. steal the password from a specifically named element when that element is destroyed), TCP driver, etc).
Why do otherwise intelligent people continue to think that malware literally logs their keys? Even a cursory thought about the subject would flag all kinds of issues and better alternatives.
I strongly suggest everyone with an interest in the topic go grab some malware source code and read. It isn't like it is hard to find.