Jamming password thieves

Auckland software company SentryBay has developed software to beat malicious keystroke loggers.

The software works by bombarding keystroke logging software with a random stream of false keystrokes.

Chief executive Dave Waterson believes the software, called EntryProtect, is revolutionary.

"The keystroke logger can't tell the difference. It can't pick which parts are the password. It effectively thwarts any keystroke logger out there."

The software had no effect on system performance, Waterson said.

The development will be welcome news to bank customers following a Sunday Star-Times report about the ease with which key logging software can be installed on a computer to collect log-in names and passwords.

Waterson envisages that banks will make the software available for customers to download.

Users can then set the software to start automatically when they use online banking services.

Waterson said that by masking all keystrokes, the software was safer than the two-factor identification system some banks used to prevent passwords falling into the wrong hands.

On a site with two-factor security, users log in with their standard password and then receive a new password for each banking session.

Waterson said although that made it harder to gain fraudulent access to accounts, it did not prevent key loggers from observing keystrokes when users logged on.

A Westpac spokesman said the bank would be interested in looking at the software.

"It's focused in the right area, at least, in that it's on the user's computer.

"This whole thing is about the security of the computer the customer is using and not online banking."

EntryProtect randomly selects 10 characters a second to mask real keystrokes, rather than using a pre-determined code that could be cracked by hackers.

"The solution is simple and doesn't require any updates, and that goes with our philosophy in the anti-virus area," Waterson said.

Initial interest had been strong, and the company would also look at overseas markets.

"Every bank in the country is interested so we're pretty excited."

Although initially focused on the banking sector, Waterson said the software had potential in any environment where data security was important.

EntryProtect was developed about two years ago as part SentryBay's anti-virus package. Waterson said the company had been sorting out patents and getting the software ready to be launched as a standalone product.

"We've kept it in the cupboard knowing it's got this big use in online banking."

Security key

* Key loggers are malicious programs used to record passwords to secure websites.

* SentryBay's software confuses such programs by sending a stream of random data.

* The company says it is speaking to banks about making the software available to their online customers.

* Researchers say more than half New Zealand's 2.1 million internet users bank online, logging 160 million transactions in 2003.