Editing Login spoofing (section)

{{short description|Techniques used to steal a user's password}}
'''Login spoofings''' are techniques used to steal a user's [[password]].<ref>{{cite book
   |title=A Practical Introduction to Enterprise Network and Security Management
   |url=https://books.google.com/books?isbn=1498787983   |isbn=978-1498787987
   |author=Bongsik Shin |date=2017| publisher=CRC Press }}</ref><ref>{{cite web
|author1=Insupp Lee   |author2=Dianna Xu   
   |author2-link=Dianna Xu 
   |title=CSE 380 Computer Operating Systems
   |url=http://www.cis.upenn.edu/~lee/03cse380/lectures/ln22-security-v3.ppt|publisher=University of Pennsylvania
   |accessdate=6 April 2016  |page=35  |format=ppt  
   |date=2 December 2003}}</ref> The user is presented with an ordinary looking [[Logging (computer security)|login]] prompt for username and password, which is actually a malicious program (usually called a [[Trojan horse (computing)|Trojan horse]]) under the control of the [[security cracking|attacker]]. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security.

To prevent this, some [[operating system]]s require a special key combination (called a [[secure attention key]]) to be entered before a login screen is presented, for example [[Control-Alt-Delete]]. Users should be instructed to report login prompts that appear without having pressed this [[secure attention sequence]]. Only the [[kernel (operating system)|kernel]], which is the part of the operating system that interacts directly with the hardware, can detect whether the secure attention key has been pressed, so it cannot be intercepted by third party programs (unless the kernel itself has been compromised).