Editing Keystroke logging (section)

=== One-time passwords (OTP) ===
Using [[one-time password]]s may prevent unauthorized access to an account which has had its login details exposed to an attacker via a keylogger, as each password is invalidated as soon as it is used. This solution may be useful for someone using a public computer. However, an attacker who has remote control over such a computer can simply wait for the victim to enter their credentials before performing unauthorized transactions on their behalf while their session is active.

Another common way to protect access codes from being stolen by keystroke loggers is by asking users to provide a few randomly selected characters from their authentication code. For example, they might be asked to enter the 2nd, 5th, and 8th characters. Even if someone is watching the user or using a keystroke logger, they would only get a few characters from the code without knowing their positions.<ref>{{Cite journal |last1=Goring |first1=Stuart P. |last2=Rabaiotti |first2=Joseph R. |last3=Jones |first3=Antonia J. |date=2007-09-01 |title=Anti-keylogging measures for secure Internet login: An example of the law of unintended consequences |url=https://www.sciencedirect.com/science/article/pii/S0167404807000569 |journal=Computers & Security |volume=26 |issue=6 |pages=421–426 |doi=10.1016/j.cose.2007.05.003 |issn=0167-4048|url-access=subscription }}</ref>