Protecting passwords from interception: new Kaspersky Lab technology makes life more difficult for cybercriminals

23 Oct 2012
In their attempts to steal confidential data, cybercriminals will use any available means, including specialized malware that intercepts passwords entered by users. Kaspersky Lab already boasts a number of technologies to secure confidential information, and in September 2012 the company received a Russian patent for a new password-protection technology. The new technique supports non-standard input methods and can protect data entered using a variety of applications and electronic devices.

Passwords are one of the fundamental tools used to protect information from unauthorized access. Only complex passwords made up of at least ten characters can be considered truly strong, yet in practice 34% of users do not pay due attention to protection and choose simpler alternatives, such as “12345”, “password”, etc. Even a complex password, however, is no guarantee that information will remain fully secure – cybercriminals, for instance, can use keyloggers to intercept passwords when they are typed into a system. To prevent incidents like this, today’s users need modern technologies that protect data against interception.

The technology described in patent № 2461869 was developed by Kaspersky Lab expert Oleg Zaitsev. It makes it possible to use special input methods such as a time lapse between the insertion of two password symbols, pressing the mouse buttons at a certain point while inputting the password, overlapping keystrokes (when the next key is pressed while the previous one is still held), etc. Such non-standard input techniques make it possible to insert a predefined combination into the password, so if there is a 10-symbol password, four could be ‘typed’ by left-clicking the mouse at the appropriate time. In this instance the user enters the first three symbols, clicks the mouse to produce the next four, then types the remaining three characters. In this case any keylogger installed by cybercriminals will only be able to intercept the first and last three symbols, meaning the password remains secure.

The technology envisages the addition of a component to manage non-standard password insertion techniques. Here, users can individually configure the desired input methods and define exactly which password symbols they will replace. This allows users to configure their own password-protection system. At the same time, the newly patented technology is compatible with any application which provides a window for password insertion – from the greeting window in Windows OS to browsers and popular web services. The Kaspersky Lab technology can also be used to protect other electronic devices, e.g. for safe insertion of PIN codes on an ATM or mobile phone.
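The 3 + 4 + 3 scenario and the user-configured gesture mapping described above can be modelled as follows. This is an added illustration, not Kaspersky Lab's code or the patented implementation; the event format, the function names, the click mapping and the sample password are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    t: float     # seconds since the password field got focus
    kind: str    # "key" or "click"
    value: str   # typed character, or mouse button name

def assemble(events, click_map, pause_after=None, pause_symbols=""):
    """Rebuild the submitted password in a model input-management component:
    keystrokes pass through, configured gestures expand to stored symbols."""
    out, prev_t = [], None
    for ev in sorted(events, key=lambda e: e.t):
        # Gesture: a long enough gap since the previous event stands for symbols.
        if pause_after is not None and prev_t is not None \
                and ev.t - prev_t >= pause_after:
            out.append(pause_symbols)
        if ev.kind == "key":
            out.append(ev.value)
        elif ev.kind == "click":
            # Gesture: a mouse click stands for a predefined run of symbols.
            out.append(click_map.get(ev.value, ""))
        prev_t = ev.t
    return "".join(out)

def keystroke_capture(events):
    """What a capture limited to keystrokes records: typed characters only."""
    ordered = sorted(events, key=lambda e: e.t)
    return "".join(e.value for e in ordered if e.kind == "key")

# Constructed sample: three typed symbols, one left click, three typed symbols.
CLICK_MAP = {"left": "q7#Z"}   # hypothetical user configuration
SAMPLE = [
    Event(0.0, "key", "a"), Event(0.3, "key", "b"), Event(0.6, "key", "c"),
    Event(1.0, "click", "left"),
    Event(1.4, "key", "x"), Event(1.7, "key", "y"), Event(2.0, "key", "z"),
]

if __name__ == "__main__":
    print("submitted password:", assemble(SAMPLE, CLICK_MAP))
    print("keystroke capture: ", keystroke_capture(SAMPLE))
```

In this model the keystroke-only view still holds six of the ten symbols, so the protection depends on the gesture mapping itself staying out of the capture.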

As of 1 October 2012, Kaspersky Lab’s portfolio in Russia amounts to 64 patents. In all, the company has over 120 patents issued by the patent authorities in the USA, Russia, China and Europe.

