Secure way to log in to a website on someone else's computer












106














Suppose I am in a situation that I am forced to log in to my account using someone else's computer. Is there any secure way to do that so that I would be sure that my login details (i.e. password) are not recorded by any means (e.g. keystroke logging)? Or if it is impossible, what are the ways to at least mitigate the risks?



Although related, but note that this is a bit different from this question since I am not using my own computer to log in.










share|improve this question




















  • 9




    Can you create a virtual machine on their box?
    – DarkMatter
    Nov 29 '18 at 16:46






  • 5




    @DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
    – today
    Nov 29 '18 at 16:50






  • 5




    it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
    – DarkMatter
    Nov 29 '18 at 17:25








  • 39




    A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
    – reed
    Nov 29 '18 at 18:17








  • 3




    Remember: Once you've lost physical control of the device, all bets are off.
    – Marc.2377
    Dec 1 '18 at 4:12


















106














Suppose I am in a situation that I am forced to log in to my account using someone else's computer. Is there any secure way to do that so that I would be sure that my login details (i.e. password) are not recorded by any means (e.g. keystroke logging)? Or if it is impossible, what are the ways to at least mitigate the risks?



Although related, but note that this is a bit different from this question since I am not using my own computer to log in.










share|improve this question




















  • 9




    Can you create a virtual machine on their box?
    – DarkMatter
    Nov 29 '18 at 16:46






  • 5




    @DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
    – today
    Nov 29 '18 at 16:50






  • 5




    it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
    – DarkMatter
    Nov 29 '18 at 17:25








  • 39




    A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
    – reed
    Nov 29 '18 at 18:17








  • 3




    Remember: Once you've lost physical control of the device, all bets are off.
    – Marc.2377
    Dec 1 '18 at 4:12
















106












106








106


18





Suppose I am in a situation that I am forced to log in to my account using someone else's computer. Is there any secure way to do that so that I would be sure that my login details (i.e. password) are not recorded by any means (e.g. keystroke logging)? Or if it is impossible, what are the ways to at least mitigate the risks?



Although related, but note that this is a bit different from this question since I am not using my own computer to log in.










share|improve this question















Suppose I am in a situation that I am forced to log in to my account using someone else's computer. Is there any secure way to do that so that I would be sure that my login details (i.e. password) are not recorded by any means (e.g. keystroke logging)? Or if it is impossible, what are the ways to at least mitigate the risks?



Although related, but note that this is a bit different from this question since I am not using my own computer to log in.







authentication






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 2 '18 at 14:14









Boann

1835




1835










asked Nov 29 '18 at 16:44









today

639247




639247








  • 9




    Can you create a virtual machine on their box?
    – DarkMatter
    Nov 29 '18 at 16:46






  • 5




    @DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
    – today
    Nov 29 '18 at 16:50






  • 5




    it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
    – DarkMatter
    Nov 29 '18 at 17:25








  • 39




    A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
    – reed
    Nov 29 '18 at 18:17








  • 3




    Remember: Once you've lost physical control of the device, all bets are off.
    – Marc.2377
    Dec 1 '18 at 4:12
















  • 9




    Can you create a virtual machine on their box?
    – DarkMatter
    Nov 29 '18 at 16:46






  • 5




    @DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
    – today
    Nov 29 '18 at 16:50






  • 5




    it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
    – DarkMatter
    Nov 29 '18 at 17:25








  • 39




    A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
    – reed
    Nov 29 '18 at 18:17








  • 3




    Remember: Once you've lost physical control of the device, all bets are off.
    – Marc.2377
    Dec 1 '18 at 4:12










9




9




Can you create a virtual machine on their box?
– DarkMatter
Nov 29 '18 at 16:46




Can you create a virtual machine on their box?
– DarkMatter
Nov 29 '18 at 16:46




5




5




@DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
– today
Nov 29 '18 at 16:50




@DarkMatter Unfortunately, no. I am not allowed to do that. Even if I am allowed, I guess it would take some time (> 15 min) to do that and they don't have enough patience :) Although, I am interested to know how that helps. Please include it as an answer if you would like.
– today
Nov 29 '18 at 16:50




5




5




it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
– DarkMatter
Nov 29 '18 at 17:25






it all depends on how they are monitoring your activity... operating inside of your own clean VM on their box (using a clean OSK) will bypass a number of the ways they could monitor your activity. Furthermore you can also delete the VM afterward to further remove evidence of your activities. Ultimately though if they own the hardware in theory there is no way to be bullet-proof (2FA helps some to mitigate ramifications of their monitoring)
– DarkMatter
Nov 29 '18 at 17:25






39




39




A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
– reed
Nov 29 '18 at 18:17






A live OS (booted via USB or DVD) is probably more handy. However that won't protect you from hardware keyloggers for example. The best solution seems to be what Cowthulhu suggested in the answer, 2FA, when available. Also maybe change password and force a logout on all devices once you are back home on your computer, if the service makes this possible. A lot of this also depends on how knowledgeable and determined is your "enemy".
– reed
Nov 29 '18 at 18:17






3




3




Remember: Once you've lost physical control of the device, all bets are off.
– Marc.2377
Dec 1 '18 at 4:12






Remember: Once you've lost physical control of the device, all bets are off.
– Marc.2377
Dec 1 '18 at 4:12












13 Answers
13






active

oldest

votes


















119














This is an interesting question!



The rule of thumb is that if someone else has control of the device (and they're determined enough), they will always be able to monitor and modify all of your actions on the device.



We can (to a somewhat limited extent) get around this though! Two-factor authentication can be used to ensure that even if someone has your password, they cannot get into your account without also having access to a separate device (owned and controlled by you).



Keep in mind that once you log in, the computer ultimately has control over your interaction with the website, and as a result it could trivially see everything you do on the site and, less trivially, modify your requests to the site (including not logging you out properly when you're done, and potentially changing your login details to lock you out of your own account).



This all depends on how worried you are about being attacked - if you're just logging into Facebook on a friends computer, you can probably trust that when you hit "Log Out", it actually logs you out. If you're logging into something really important, however, you may want to stick to devices you control.



Additionally, consider the following, via user TemporalWolf




Some websites allow for the generation of single-use one time passwords which sidesteps any sort of password logging... as you mentioned, this doesn't stop them from mucking with the now authenticated session.







share|improve this answer



















  • 5




    "you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
    – Qwertie
    Nov 30 '18 at 5:07






  • 21




    Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
    – forest
    Nov 30 '18 at 7:25






  • 5




    The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
    – Chris Cirefice
    Nov 30 '18 at 17:07








  • 9




    "If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
    – Steve Jessop
    Dec 1 '18 at 22:53








  • 2




    @ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
    – Damon
    Dec 4 '18 at 8:36



















38














In my practice, when I need extra security, I usually change the password on my phone (or another trusted device), then log in on the untrusted computer and after everything is done, change my password back (if possible).



This relies on the fact that changing password logs you out everywhere, for most websites. It's rather practical.



Alternatively, some websites offer a "session control" where you can force detach / terminate sessions if you want.





Besides what I said above, I also have a 128 GiB portable SSD with me, formatted to GPT and has 3 partitions: the EFI System Partition, an Ubuntu, and a Windows To Go.



While software security wasn't my concern while creating this portable SSD, it is undoubtedly a good gadget to have for the purpose. Theoretically and practically, running operating systems on such self-made pieces of storage provides a fully trusted software environment, and can 100% eliminate any software thread on the foreign machine.



As others have answered, such gadgets usually aren't effective against hardware-based intrusion, for example a key logger (unless some stupid ones require drivers to work, then you can LOL). For those things, you have better check them by looking at the hardware ports. If there's anything malicious inside the crate, then you're out of luck.



But again, it's an interpersonal question. If you're logging in on your trusted friend's computer, and the friend isn't a techie, you probably need no more actions than launching the browser in incognito or InPrivate (Internet Explorer) mode.






share|improve this answer























  • That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
    – a25bedc5-3d09-41b8-82fb-ea6c353d75ae
    Nov 30 '18 at 13:06






  • 7




    Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
    – martinstoeckli
    Dec 3 '18 at 12:38










  • @martinstoeckli Yep, but that's the opposite of this question.
    – iBug
    Dec 3 '18 at 13:59










  • I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
    – cybernard
    Dec 3 '18 at 14:54






  • 1




    @MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
    – iBug
    Dec 4 '18 at 15:16



















23














If you encounter this situation regularly, try the following:




  1. Create a Tails live USB stick. Tails is a Linux operating system designed to run off a USB, which can be booted on most computers. Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot.


  2. Use the on-screen keyboard. You should cover this with your hand as you type, to prevent anyone from observing. This defends against hardware based key-loggers. Note that you don't need to worry about screen-recording software, because you are running Tails, which means that you have full control over all software running on the system.



Edit:



As @Xen2050 mentioned in the comments, you can also achieve this with other operating systems which may be more user friendly. For instance, here are instructions for creating a live Ubuntu Linux USB on Windows, Mac or Ubuntu. And here are the instructions for accessing the on-screen keyboard on Ubuntu.



Potential weaknesses of this method:



This method is vulnerable to the following:




  • Hardware based screen recording. It is possible to insert a device between the computer and the screen which will record everything sent to the screen. For example, this one. To protect against this, inspect the cable, and make sure there are no devices between the computer and the screen. Note however, that it is possible to install internal screen recording devices which would be much more difficult to detect. If you suspect this, then you may be able to circumvent them by unplugging the screen from the back of the computer, and reconnecting it to a different port.

  • Malicious firmware, BIOS, rootkit, etc. This is probably the most difficult vulnerability to defend against. If you suspect that the computer you are using has malicious firmware, don't use it! Find another way to login to the website, or don't login to it.






share|improve this answer



















  • 3




    For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
    – Xen2050
    Nov 30 '18 at 11:41








  • 5




    "Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
    – Bergi
    Dec 2 '18 at 13:55






  • 1




    @Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
    – daviewales
    Dec 2 '18 at 21:16






  • 2




    "Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
    – Acccumulation
    Dec 3 '18 at 23:38






  • 1




    I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
    – Acccumulation
    Dec 5 '18 at 21:18





















17














Use SQRL



If a website supports SQRL (https://www.grc.com/sqrl/sqrl.htm) then you have the option of having it display a QR code in the computer's browser that you let the SQRL app in your cell phone read, and thereby negotiate the authentication out of band.



SQRL is not yet widely adopted, but this precise use case was designed in from the beginning. (The other main use case is a SQRL app on your computer working in concert with the browser). In neither case is a password transmitted; SQRL uses Elliptic Curve public/private key technology to sign a nonce presented by the server to prove the user has the private key associated with the public key stored on the server in the user's account info.



EDIT: Because so few sites support SQRL, this is probably not a good answer as of Nov/Dec 2018, but it may be a good answer in the future. I don't think there is a secure way to log into a website on a computer under someone else's control (which may have a key/click-logger installed), which was one of the reasons SQRL was created in the first place. The out-of-band login approach, which does not rely upon the possibly-compromised computer to preserve a secret like a password, whether it be the specific form taken by the SQRL protocol or some competing scheme that uses the same general idea, is an essential component of any good answer.






share|improve this answer























  • It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
    – today
    Nov 29 '18 at 21:54






  • 3




    The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
    – caw
    Nov 30 '18 at 1:28






  • 19




    security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
    – vidarlo
    Nov 30 '18 at 6:41








  • 4




    A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
    – schroeder
    Dec 3 '18 at 10:33






  • 2




    The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
    – Beanluc
    Dec 3 '18 at 18:45



















5














It is a major PIA, but relatively secure with respect to protecting your password. Mostly because it is such a PIA that nobody is likely to put together what is needed to capture it. Which means the caveat about security through obscurity likely applies here...




  1. Open text editor of choice.

  2. Type out the full alphabet in both upper and lower case.

  3. type out the full range of numbers and symbols that are available.

  4. Copy and paste letter by letter to enter your password on the web form.

  5. As an added layer of obfuscation, don't grab the letters in the same order as the final password


I can think of a few techniques where I might be able to capture the password of someone using this technique, but none of them are what I would consider easy or straightforward.



Also worth noting that this technique was originally suggested as a counter measure by my CEH instructor. It is not perfect, but it is a semi-decent option that doesn't require much in the way of prior preparation.






share|improve this answer

















  • 19




    Surely an off-the-shelf screen recorder would counter this?
    – Draconis
    Nov 29 '18 at 20:20










  • Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
    – today
    Nov 29 '18 at 20:40






  • 3




    @Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
    – Rozwel
    Nov 29 '18 at 20:44








  • 7




    A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
    – Nathan Goings
    Nov 29 '18 at 21:39






  • 1




    @NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
    – JoL
    Nov 29 '18 at 21:43



















5














There is one thing you can do on sites that allow it (Google being one): Use a "have" factor of authentication, such as TOTP or a mobile app to approve logins. You don't have to use 2FA - that can be your only factor. I have some of my non-critical servers set to allow password OR totp, so I can log in with one or the other, without needing both. While, as others pointed out, that doesn't make you completely secure (after you log in the attacker could disable input and do whatever they want now that you're logged in), it prevents disclosing any passwords.






share|improve this answer





















  • This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
    – miroxlav
    Dec 4 '18 at 2:29












  • @miroxlav It can't. But as I said, at least one major company supports it.
    – Duncan X Simpson
    Dec 4 '18 at 2:34



















4














If you need to login using someone else's computer, there is no certain way to know for certain if there is any form of spying software. Even if it is someone you trust, they could be infected with a virus or a similar nefarious device, and it can be hard to impossible to know if it is infected. Always assume that a nefarious entity will still be able to view/access anything that happens on the computer. Here are a few ways you can try to mitigate the risks.



There is no possible way to ensure that the person's OS is not compromised. You can look at the running processes, examine call stacks, network requests or anything, but spyware programs can be extremely well disguised. The best possible solution is to boot from a live USB stick using a linux distribution such as Ubuntu, puppy linux or Kali linux. This means that you should have full control of the software running on the computer, although a determined hacker could insert malicious code into the BIOS or bootloader of the computer, changing the actual code of the operating system.



Mitigation of Hardware based vulnerabilities




  • Check the cable between the computer and the display. A device can be inserted in between them allowing a hacker to see the display output.

  • Avoid using a wireless keyboard or mouse. The signal can be intercepted between the transmitter and receiver, exposing keystrokes and mouse movements, even via a separate device.

  • Plug any USB devices directly into the motherboard. Don't use a PCIe slot, as the device could be storing/transmitting keystrokes/commands. The same applies to front panel connectors.

  • Use a different keyboard, if possible. Devices can take the sounds of individual keys being pressed to decipher which key it was. Unplug any microphones connected to the computer, just in case.

  • Look to see if there are any extra PCIe or serial port devices plugged in. Ensure only the required ones are plugged in, just in case.


Software methods of decreasing the risk




  • Ensure you connect to a secured WiFi network, or ethernet, if you know it is safe. It is probably better to use mobile data, and a mobile hotspot, if possible, so you don't have to rely on their internet connection. Use a USB cable as well, if possible, so you don't run the risk of an alternative WiFi connection intercepting the signal instead.

  • Use SSL. This is obvious, but you must ensure the certificate authority is the one that you would expect to see, as it is possible for an entity to insert a self-signed certificate into the chain.


The last thing is that you should, if possible, temporarily change your password (maybe using your phone) while you login using that computer, then change it back afterwards, so if the password is compromised, it will not be usable after it is changed back.






share|improve this answer





























    4














    The best way to protect yourself is to tell the person that you are not comfortable entering your password at their computer.



    If you have probable cause or general paranoia then do not perform unsafe actions.



    Expecting to thoroughly detect and/or mitigate all threat models in a matter of seconds is ludicrous.





    What is the threat model anyways?




    • Do you not trust the person?

    • Do you not trust the computer?

    • Are you trying to prevent their access from the particular website which you are logging in to?

    • Are you trying to prevent the discovery of your password because you reuse it for a hundred other services such as personal banking?

    • Are you simply trying to figure out a universal way to not be compromised regardless of which foreign computer you encounter in the future?

    • Are you trying to prevent the details of the post-login screen from being recorded? You may wish to sweep the area for any hidden video recording devices in the ceiling.






    share|improve this answer























    • I think the OP is worrying about foreign immigration officers asking him to show his social media
      – usr-local-ΕΨΗΕΛΩΝ
      Dec 3 '18 at 8:26



















    2














    You don't specify whether you need to login via someone's computer because you:




    1. Need their OS/software, e.g. you are setting up / fixing someone's computer and you need to fetch some data from your private server.

    2. Need their hardware (e.g. you are allowed network access based on their MAC address or other factors that exist only on the machine you want to use.

    3. Need their network (e.g. you need to be inside their LAN, but with your own device)

    4. Don't need their network or device at all, it is just convenient for you to use their computer.


    The optimal way of addressing these concerns is, in the reverse order:



    Case 4. Bring your laptop/phone/tablet and use 3G/4G connection to access the internet. Done.



    Case 3. Bring your laptop, properly secure it (antivirus, firewall, etc), plug it into their network. Done.



    Case 2. Inspect their hardware for any hardware loggers, boot your own OS (some kind of live distribution). If you missed the hardware logger, you have the problem.



    Case 1. Also helps with Case 2.




    • a) Require Administrator/root access.


    • b) Enable firewall, set it to paranoidly strict mode, allow only connections to your target server.


    • c) Change your access password via your 3G/4G phone to something temporary,


    • d) Access the server, use 2FA


    • e) delete the traces (cookies, any temporary files that could hide credentials, unique IDs,tc)


    • f) Change password back via your 3G/4G phone


    • g) Set the firewall back to normal.



    Now firewall may be compromised as well by a rootkit, so for more paranoid, or in case you don't get Admin/root access:




    • a) Build your custom router using Raspberry Pi or similar device, add additional ethernet port using Ethernet2USB adapter. (of course, really security conscious pro would have Linux on their laptop anyway, so just add Ethernet2USB port and proceed without Raspberry.


    • b) Plug their computer into your Raspberry, get the MAC address, clone it to the other (outbound) side.


    • c) Set up strict routing and firewall on the Linux, allow only access to your server, and route one NIC to another.


    • d) Set up MITM sniffing and install your certificate to your server on their machine. Your certificate is MITM certificate, the fake one you generated!


    • e) Proceed as in previously described in 1c) and on.


    • f) Log any bloody byte that traverses your mini router so you can confront them if they try something nasty.



    The reasoning behind this suggestion is that the host computer probably does not have the full suite of tools to attack your account. Keylogger will log the keys to your temporary password, but will be unable to forward the data to the bad guy sitting in the other room. If it does and tries to hack your server, you will have any hack attempt logged in plaintext, any you can either confront them or undo the damage (they changed the plaintext, but you have logged the change!). Note hat only your server will be available to their computer in the critical time, so either their computer tries hacking solo, or nothing will happen.



    I would appreciate feedback on that route, if I perhaps missed something.






    share|improve this answer





























      1














      In theory, if the site doesn't provide you a better way to do this, there is still a way: login on a device that is under your control, and transfer the session cookie you receive from that device to the untrusted computer. This will allow the untrusted computer to perform any operation you can perform on the site once logged in, but unless the site has fatally bad security design, it will not allow the untrusted computer to change your password, change the email address associated with the account, or perform other account-takeover operations.



      Once you're done, you can use the trusted device you control to log out its session cookie (which you copied from it) by performing the logout operation there, or perform a "logout all devices" operation if the site provides such a feature.



      Note that under this scheme, your password is never entered on the untrusted computer, and thereby it has no means of recording/capturing it. At best it can capture the session cookie, which you will invalidate by logging out using the trusted device once you're done.






      share|improve this answer





























        0














        If you trust that person, go ahead and use their computer. Consider creating a separate browser profile which you can wipe clean after you're done without erasing that person's cookies / settings / whatever. Take note of any attachments you download so that you can remove these as well. Don't just open attached files, unless you want to play detective figuring out which of the possible "temp" locations was used to store them. And avoid manipulating any sensitive data which is not related to the purpose forcing you to use someone else's computer.



        If you don't trust the person, don't use their computer. There's no way of securing an unknown computer 100%, and even less so without doing things which will make the other person suspect that you're trying to hack them. At which point you will probably be denied to use their computer anyway.






        share|improve this answer

















        • 4




          I trust my grandmother. I do not trust that her computer is clean.
          – schroeder
          Dec 3 '18 at 13:49



















        0














        Although there are a number of good and awesome answers, i believe this radical "answer" is missing out:



        If you are concerned about security, you probably use a password manager as well. I always generate a random and very difficult password. On other computers I probably don't have the software nor the file where my passwords are stored in (I use keepass).
        I do have this file stored in a cloud solution but on logging in it also requires a separate file which I only have locally on my trusted devices.



        So you might understand what hassle I have to go through before I am actually logged in on the other untrusted device. Which actually prevents me from doing so in the first place.



        So if I am forced to login: "I don't know my password".






        share|improve this answer





















        • You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
          – Kolappan Nathan
          Dec 4 '18 at 9:08






        • 1




          This is an anti-answer. The premise is that user must log in.
          – schroeder
          Dec 4 '18 at 9:26



















        -2














        When you suspect the system is keylogged you would need to be able to interrupt that process to do what you are asking.



        That might be a visible process though - so if it's mission critical try finding that process or creating another user account with an encrypted terminal in a sandbox to see if you can avoid logging that way - i.e. Linux with encrypted home folder & swap as an example.






        share|improve this answer

















        • 1




          How would a sandboxed process or an encrypted home directory defeat keylogging?
          – forest
          Nov 30 '18 at 7:23










        • I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
          – user192527
          Nov 30 '18 at 7:25












        • If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
          – forest
          Nov 30 '18 at 7:27










        • I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
          – user192527
          Nov 30 '18 at 7:36






        • 1




          There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
          – David Conrad
          Dec 1 '18 at 17:16











        Your Answer








        StackExchange.ready(function() {
        var channelOptions = {
        tags: "".split(" "),
        id: "162"
        };
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function() {
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled) {
        StackExchange.using("snippets", function() {
        createEditor();
        });
        }
        else {
        createEditor();
        }
        });

        function createEditor() {
        StackExchange.prepareEditor({
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: false,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: null,
        bindNavPrevention: true,
        postfix: "",
        imageUploader: {
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        },
        noCode: true, onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        });


        }
        });














        draft saved

        draft discarded


















        StackExchange.ready(
        function () {
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198726%2fsecure-way-to-log-in-to-a-website-on-someone-elses-computer%23new-answer', 'question_page');
        }
        );

        Post as a guest















        Required, but never shown

























        13 Answers
        13






        active

        oldest

        votes








        13 Answers
        13






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        119














        This is an interesting question!



        The rule of thumb is that if someone else has control of the device (and they're determined enough), they will always be able to monitor and modify all of your actions on the device.



        We can (to a somewhat limited extent) get around this though! Two-factor authentication can be used to ensure that even if someone has your password, they cannot get into your account without also having access to a separate device (owned and controlled by you).



        Keep in mind that once you log in, the computer ultimately has control over your interaction with the website, and as a result it could trivially see everything you do on the site and, less trivially, modify your requests to the site (including not logging you out properly when you're done, and potentially changing your login details to lock you out of your own account).



        This all depends on how worried you are about being attacked - if you're just logging into Facebook on a friends computer, you can probably trust that when you hit "Log Out", it actually logs you out. If you're logging into something really important, however, you may want to stick to devices you control.



        Additionally, consider the following, via user TemporalWolf




        Some websites allow for the generation of single-use one time passwords which sidesteps any sort of password logging... as you mentioned, this doesn't stop them from mucking with the now authenticated session.







        share|improve this answer



















        • 5




          "you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
          – Qwertie
          Nov 30 '18 at 5:07






        • 21




          Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
          – forest
          Nov 30 '18 at 7:25






        • 5




          The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
          – Chris Cirefice
          Nov 30 '18 at 17:07








        • 9




          "If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
          – Steve Jessop
          Dec 1 '18 at 22:53








        • 2




          @ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
          – Damon
          Dec 4 '18 at 8:36
















        119














        This is an interesting question!



        The rule of thumb is that if someone else has control of the device (and they're determined enough), they will always be able to monitor and modify all of your actions on the device.



        We can (to a somewhat limited extent) get around this though! Two-factor authentication can be used to ensure that even if someone has your password, they cannot get into your account without also having access to a separate device (owned and controlled by you).



        Keep in mind that once you log in, the computer ultimately has control over your interaction with the website, and as a result it could trivially see everything you do on the site and, less trivially, modify your requests to the site (including not logging you out properly when you're done, and potentially changing your login details to lock you out of your own account).



        This all depends on how worried you are about being attacked - if you're just logging into Facebook on a friends computer, you can probably trust that when you hit "Log Out", it actually logs you out. If you're logging into something really important, however, you may want to stick to devices you control.



        Additionally, consider the following, via user TemporalWolf




        Some websites allow for the generation of single-use one time passwords which sidesteps any sort of password logging... as you mentioned, this doesn't stop them from mucking with the now authenticated session.







        share|improve this answer



















        • 5




          "you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
          – Qwertie
          Nov 30 '18 at 5:07






        • 21




          Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
          – forest
          Nov 30 '18 at 7:25






        • 5




          The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
          – Chris Cirefice
          Nov 30 '18 at 17:07








        • 9




          "If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
          – Steve Jessop
          Dec 1 '18 at 22:53








        • 2




          @ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
          – Damon
          Dec 4 '18 at 8:36














        119












        119








        119






        This is an interesting question!



        The rule of thumb is that if someone else has control of the device (and they're determined enough), they will always be able to monitor and modify all of your actions on the device.



        We can (to a somewhat limited extent) get around this though! Two-factor authentication can be used to ensure that even if someone has your password, they cannot get into your account without also having access to a separate device (owned and controlled by you).



        Keep in mind that once you log in, the computer ultimately has control over your interaction with the website, and as a result it could trivially see everything you do on the site and, less trivially, modify your requests to the site (including not logging you out properly when you're done, and potentially changing your login details to lock you out of your own account).



        This all depends on how worried you are about being attacked - if you're just logging into Facebook on a friends computer, you can probably trust that when you hit "Log Out", it actually logs you out. If you're logging into something really important, however, you may want to stick to devices you control.



        Additionally, consider the following, via user TemporalWolf




        Some websites allow for the generation of single-use one time passwords which sidesteps any sort of password logging... as you mentioned, this doesn't stop them from mucking with the now authenticated session.







        share|improve this answer














        This is an interesting question!



        The rule of thumb is that if someone else has control of the device (and they're determined enough), they will always be able to monitor and modify all of your actions on the device.



        We can (to a somewhat limited extent) get around this though! Two-factor authentication can be used to ensure that even if someone has your password, they cannot get into your account without also having access to a separate device (owned and controlled by you).



        Keep in mind that once you log in, the computer ultimately has control over your interaction with the website, and as a result it could trivially see everything you do on the site and, less trivially, modify your requests to the site (including not logging you out properly when you're done, and potentially changing your login details to lock you out of your own account).



        This all depends on how worried you are about being attacked - if you're just logging into Facebook on a friends computer, you can probably trust that when you hit "Log Out", it actually logs you out. If you're logging into something really important, however, you may want to stick to devices you control.



        Additionally, consider the following, via user TemporalWolf




        Some websites allow for the generation of single-use one time passwords which sidesteps any sort of password logging... as you mentioned, this doesn't stop them from mucking with the now authenticated session.








        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Dec 3 '18 at 23:36

























        answered Nov 29 '18 at 16:55









        Cowthulhu

        1,1621217




        1,1621217








        • 5




          "you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
          – Qwertie
          Nov 30 '18 at 5:07






        • 21




          Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
          – forest
          Nov 30 '18 at 7:25






        • 5




          The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
          – Chris Cirefice
          Nov 30 '18 at 17:07








        • 9




          "If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
          – Steve Jessop
          Dec 1 '18 at 22:53








        • 2




          @ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
          – Damon
          Dec 4 '18 at 8:36














        • 5




          "you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
          – Qwertie
          Nov 30 '18 at 5:07






        • 21




          Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
          – forest
          Nov 30 '18 at 7:25






        • 5




          The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
          – Chris Cirefice
          Nov 30 '18 at 17:07








        • 9




          "If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
          – Steve Jessop
          Dec 1 '18 at 22:53








        • 2




          @ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
          – Damon
          Dec 4 '18 at 8:36








        5




        5




        "you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
        – Qwertie
        Nov 30 '18 at 5:07




        "you can probably trust that when you hit "Log Out", it actually logs you out." Unless your friend unknowingly has malware on their computer.
        – Qwertie
        Nov 30 '18 at 5:07




        21




        21




        Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
        – forest
        Nov 30 '18 at 7:25




        Since this is saying that someone else having control of a device ensures they will always be able to monitor actions that take place on it, it is the only correct answer.
        – forest
        Nov 30 '18 at 7:25




        5




        5




        The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
        – Chris Cirefice
        Nov 30 '18 at 17:07






        The issue with 2FA is that if indeed the attacker did have a keylogger and indeed modified the requests to the website(s) to essentially block a logout, they would then be able to change your account password/2FA settings having keylogged your password when you logged in. I don't know of any services that require 2FA to change the password once already authenticated. So that's an interesting dilemma.
        – Chris Cirefice
        Nov 30 '18 at 17:07






        9




        9




        "If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
        – Steve Jessop
        Dec 1 '18 at 22:53






        "If you're entering missile launch codes however, you may want to stick to devices you control." -- aren't those pretty much a textbook example of immunity to replay attacks? You can't kick off global thermonuclear war twice.
        – Steve Jessop
        Dec 1 '18 at 22:53






        2




        2




        @ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
        – Damon
        Dec 4 '18 at 8:36




        @ChrisCirefice: As it happens my bank requires 2FA after having authenticated for everything with the exception of reading account balance. Including, but not limited to changing password. You cannot even open a CS ticket without entering a SMS-TAN (which is funny because assuming you have trouble with that, there's no way of contacting CS?). Need to wire a large sum of money? That's 3 TANs to enter for you. One to bump the transaction limit up, one for the transaction, and one to restore the limit to normal. That's truly the only service running in such a paranoia mode that I know, though.
        – Damon
        Dec 4 '18 at 8:36













        38














        In my practice, when I need extra security, I usually change the password on my phone (or another trusted device), then log in on the untrusted computer and after everything is done, change my password back (if possible).



        This relies on the fact that changing password logs you out everywhere, for most websites. It's rather practical.



        Alternatively, some websites offer a "session control" where you can force detach / terminate sessions if you want.





        Besides what I said above, I also have a 128 GiB portable SSD with me, formatted to GPT and has 3 partitions: the EFI System Partition, an Ubuntu, and a Windows To Go.



        While software security wasn't my concern while creating this portable SSD, it is undoubtedly a good gadget to have for the purpose. Theoretically and practically, running operating systems on such self-made pieces of storage provides a fully trusted software environment, and can 100% eliminate any software thread on the foreign machine.



        As others have answered, such gadgets usually aren't effective against hardware-based intrusion, for example a key logger (unless some stupid ones require drivers to work, then you can LOL). For those things, you have better check them by looking at the hardware ports. If there's anything malicious inside the crate, then you're out of luck.



        But again, it's an interpersonal question. If you're logging in on your trusted friend's computer, and the friend isn't a techie, you probably need no more actions than launching the browser in incognito or InPrivate (Internet Explorer) mode.






        share|improve this answer























        • That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
          – a25bedc5-3d09-41b8-82fb-ea6c353d75ae
          Nov 30 '18 at 13:06






        • 7




          Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
          – martinstoeckli
          Dec 3 '18 at 12:38










        • @martinstoeckli Yep, but that's the opposite of this question.
          – iBug
          Dec 3 '18 at 13:59










        • I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
          – cybernard
          Dec 3 '18 at 14:54






        • 1




          @MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
          – iBug
          Dec 4 '18 at 15:16
















        38














        In my practice, when I need extra security, I usually change the password on my phone (or another trusted device), then log in on the untrusted computer and after everything is done, change my password back (if possible).



        This relies on the fact that changing password logs you out everywhere, for most websites. It's rather practical.



        Alternatively, some websites offer a "session control" where you can force detach / terminate sessions if you want.





        Besides what I said above, I also have a 128 GiB portable SSD with me, formatted to GPT and has 3 partitions: the EFI System Partition, an Ubuntu, and a Windows To Go.



        While software security wasn't my concern while creating this portable SSD, it is undoubtedly a good gadget to have for the purpose. Theoretically and practically, running operating systems on such self-made pieces of storage provides a fully trusted software environment, and can 100% eliminate any software thread on the foreign machine.



        As others have answered, such gadgets usually aren't effective against hardware-based intrusion, for example a key logger (unless some stupid ones require drivers to work, then you can LOL). For those things, you have better check them by looking at the hardware ports. If there's anything malicious inside the crate, then you're out of luck.



        But again, it's an interpersonal question. If you're logging in on your trusted friend's computer, and the friend isn't a techie, you probably need no more actions than launching the browser in incognito or InPrivate (Internet Explorer) mode.






        share|improve this answer























        • That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
          – a25bedc5-3d09-41b8-82fb-ea6c353d75ae
          Nov 30 '18 at 13:06






        • 7




          Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
          – martinstoeckli
          Dec 3 '18 at 12:38










        • @martinstoeckli Yep, but that's the opposite of this question.
          – iBug
          Dec 3 '18 at 13:59










        • I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
          – cybernard
          Dec 3 '18 at 14:54






        • 1




          @MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
          – iBug
          Dec 4 '18 at 15:16














        38












        38








        38






        In my practice, when I need extra security, I usually change the password on my phone (or another trusted device), then log in on the untrusted computer and after everything is done, change my password back (if possible).



        This relies on the fact that changing password logs you out everywhere, for most websites. It's rather practical.



        Alternatively, some websites offer a "session control" where you can force detach / terminate sessions if you want.





        Besides what I said above, I also have a 128 GiB portable SSD with me, formatted to GPT and has 3 partitions: the EFI System Partition, an Ubuntu, and a Windows To Go.



        While software security wasn't my concern while creating this portable SSD, it is undoubtedly a good gadget to have for the purpose. Theoretically and practically, running operating systems on such self-made pieces of storage provides a fully trusted software environment, and can 100% eliminate any software thread on the foreign machine.



        As others have answered, such gadgets usually aren't effective against hardware-based intrusion, for example a key logger (unless some stupid ones require drivers to work, then you can LOL). For those things, you have better check them by looking at the hardware ports. If there's anything malicious inside the crate, then you're out of luck.



        But again, it's an interpersonal question. If you're logging in on your trusted friend's computer, and the friend isn't a techie, you probably need no more actions than launching the browser in incognito or InPrivate (Internet Explorer) mode.






        share|improve this answer














        In my practice, when I need extra security, I usually change the password on my phone (or another trusted device), then log in on the untrusted computer and after everything is done, change my password back (if possible).



        This relies on the fact that changing password logs you out everywhere, for most websites. It's rather practical.



        Alternatively, some websites offer a "session control" where you can force detach / terminate sessions if you want.





        Besides what I said above, I also have a 128 GiB portable SSD with me, formatted to GPT and has 3 partitions: the EFI System Partition, an Ubuntu, and a Windows To Go.



        While software security wasn't my concern while creating this portable SSD, it is undoubtedly a good gadget to have for the purpose. Theoretically and practically, running operating systems on such self-made pieces of storage provides a fully trusted software environment, and can 100% eliminate any software thread on the foreign machine.



        As others have answered, such gadgets usually aren't effective against hardware-based intrusion, for example a key logger (unless some stupid ones require drivers to work, then you can LOL). For those things, you have better check them by looking at the hardware ports. If there's anything malicious inside the crate, then you're out of luck.



        But again, it's an interpersonal question. If you're logging in on your trusted friend's computer, and the friend isn't a techie, you probably need no more actions than launching the browser in incognito or InPrivate (Internet Explorer) mode.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Dec 3 '18 at 10:13

























        answered Nov 30 '18 at 3:28









        iBug

        55018




        55018












        • That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
          – a25bedc5-3d09-41b8-82fb-ea6c353d75ae
          Nov 30 '18 at 13:06






        • 7




          Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
          – martinstoeckli
          Dec 3 '18 at 12:38










        • @martinstoeckli Yep, but that's the opposite of this question.
          – iBug
          Dec 3 '18 at 13:59










        • I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
          – cybernard
          Dec 3 '18 at 14:54






        • 1




          @MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
          – iBug
          Dec 4 '18 at 15:16


















        • That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
          – a25bedc5-3d09-41b8-82fb-ea6c353d75ae
          Nov 30 '18 at 13:06






        • 7




          Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
          – martinstoeckli
          Dec 3 '18 at 12:38










        • @martinstoeckli Yep, but that's the opposite of this question.
          – iBug
          Dec 3 '18 at 13:59










        • I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
          – cybernard
          Dec 3 '18 at 14:54






        • 1




          @MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
          – iBug
          Dec 4 '18 at 15:16
















        That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
        – a25bedc5-3d09-41b8-82fb-ea6c353d75ae
        Nov 30 '18 at 13:06




        That's a good idea, which doesn't require special knowledge nor tools, and keeps things secure enough.
        – a25bedc5-3d09-41b8-82fb-ea6c353d75ae
        Nov 30 '18 at 13:06




        7




        7




        Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
        – martinstoeckli
        Dec 3 '18 at 12:38




        Having a portable SSD is surely a good idea, but looking from the other side, I would never let somebody boot my computer with his own OS.
        – martinstoeckli
        Dec 3 '18 at 12:38












        @martinstoeckli Yep, but that's the opposite of this question.
        – iBug
        Dec 3 '18 at 13:59




        @martinstoeckli Yep, but that's the opposite of this question.
        – iBug
        Dec 3 '18 at 13:59












        I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
        – cybernard
        Dec 3 '18 at 14:54




        I would suggest still using MBR because not every one has GPT yet, but good idea anyway.
        – cybernard
        Dec 3 '18 at 14:54




        1




        1




        @MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
        – iBug
        Dec 4 '18 at 15:16




        @MichaelMior Yep that's another "dependency" issue. But as far as I have seen, all websites have logged me out everywhere (terminate all sessions) when I change my password.
        – iBug
        Dec 4 '18 at 15:16











        23














        If you encounter this situation regularly, try the following:




        1. Create a Tails live USB stick. Tails is a Linux operating system designed to run off a USB, which can be booted on most computers. Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot.


        2. Use the on-screen keyboard. You should cover this with your hand as you type, to prevent anyone from observing. This defends against hardware based key-loggers. Note that you don't need to worry about screen-recording software, because you are running Tails, which means that you have full control over all software running on the system.



        Edit:



        As @Xen2050 mentioned in the comments, you can also achieve this with other operating systems which may be more user friendly. For instance, here are instructions for creating a live Ubuntu Linux USB on Windows, Mac or Ubuntu. And here are the instructions for accessing the on-screen keyboard on Ubuntu.



        Potential weaknesses of this method:



        This method is vulnerable to the following:




        • Hardware based screen recording. It is possible to insert a device between the computer and the screen which will record everything sent to the screen. For example, this one. To protect against this, inspect the cable, and make sure there are no devices between the computer and the screen. Note however, that it is possible to install internal screen recording devices which would be much more difficult to detect. If you suspect this, then you may be able to circumvent them by unplugging the screen from the back of the computer, and reconnecting it to a different port.

        • Malicious firmware, BIOS, rootkit, etc. This is probably the most difficult vulnerability to defend against. If you suspect that the computer you are using has malicious firmware, don't use it! Find another way to login to the website, or don't login to it.






        share|improve this answer



















        • 3




          For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
          – Xen2050
          Nov 30 '18 at 11:41








        • 5




          "Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
          – Bergi
          Dec 2 '18 at 13:55






        • 1




          @Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
          – daviewales
          Dec 2 '18 at 21:16






        • 2




          "Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
          – Acccumulation
          Dec 3 '18 at 23:38






        • 1




          I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
          – Acccumulation
          Dec 5 '18 at 21:18


















        23














        If you encounter this situation regularly, try the following:




        1. Create a Tails live USB stick. Tails is a Linux operating system designed to run off a USB, which can be booted on most computers. Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot.


        2. Use the on-screen keyboard. You should cover this with your hand as you type, to prevent anyone from observing. This defends against hardware based key-loggers. Note that you don't need to worry about screen-recording software, because you are running Tails, which means that you have full control over all software running on the system.



        Edit:



        As @Xen2050 mentioned in the comments, you can also achieve this with other operating systems which may be more user friendly. For instance, here are instructions for creating a live Ubuntu Linux USB on Windows, Mac or Ubuntu. And here are the instructions for accessing the on-screen keyboard on Ubuntu.



        Potential weaknesses of this method:



        This method is vulnerable to the following:




        • Hardware based screen recording. It is possible to insert a device between the computer and the screen which will record everything sent to the screen. For example, this one. To protect against this, inspect the cable, and make sure there are no devices between the computer and the screen. Note however, that it is possible to install internal screen recording devices which would be much more difficult to detect. If you suspect this, then you may be able to circumvent them by unplugging the screen from the back of the computer, and reconnecting it to a different port.

        • Malicious firmware, BIOS, rootkit, etc. This is probably the most difficult vulnerability to defend against. If you suspect that the computer you are using has malicious firmware, don't use it! Find another way to login to the website, or don't login to it.






        share|improve this answer



















        • 3




          For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
          – Xen2050
          Nov 30 '18 at 11:41








        • 5




          "Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
          – Bergi
          Dec 2 '18 at 13:55






        • 1




          @Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
          – daviewales
          Dec 2 '18 at 21:16






        • 2




          "Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
          – Acccumulation
          Dec 3 '18 at 23:38






        • 1




          I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
          – Acccumulation
          Dec 5 '18 at 21:18
















        23












        23








        23






        If you encounter this situation regularly, try the following:




        1. Create a Tails live USB stick. Tails is a Linux operating system designed to run off a USB, which can be booted on most computers. Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot.


        2. Use the on-screen keyboard. You should cover this with your hand as you type, to prevent anyone from observing. This defends against hardware based key-loggers. Note that you don't need to worry about screen-recording software, because you are running Tails, which means that you have full control over all software running on the system.



        Edit:



        As @Xen2050 mentioned in the comments, you can also achieve this with other operating systems which may be more user friendly. For instance, here are instructions for creating a live Ubuntu Linux USB on Windows, Mac or Ubuntu. And here are the instructions for accessing the on-screen keyboard on Ubuntu.



        Potential weaknesses of this method:



        This method is vulnerable to the following:




        • Hardware based screen recording. It is possible to insert a device between the computer and the screen which will record everything sent to the screen. For example, this one. To protect against this, inspect the cable, and make sure there are no devices between the computer and the screen. Note however, that it is possible to install internal screen recording devices which would be much more difficult to detect. If you suspect this, then you may be able to circumvent them by unplugging the screen from the back of the computer, and reconnecting it to a different port.

        • Malicious firmware, BIOS, rootkit, etc. This is probably the most difficult vulnerability to defend against. If you suspect that the computer you are using has malicious firmware, don't use it! Find another way to login to the website, or don't login to it.






        share|improve this answer














        If you encounter this situation regularly, try the following:




        1. Create a Tails live USB stick. Tails is a Linux operating system designed to run off a USB, which can be booted on most computers. Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot.


        2. Use the on-screen keyboard. You should cover this with your hand as you type, to prevent anyone from observing. This defends against hardware based key-loggers. Note that you don't need to worry about screen-recording software, because you are running Tails, which means that you have full control over all software running on the system.



        Edit:



        As @Xen2050 mentioned in the comments, you can also achieve this with other operating systems which may be more user friendly. For instance, here are instructions for creating a live Ubuntu Linux USB on Windows, Mac or Ubuntu. And here are the instructions for accessing the on-screen keyboard on Ubuntu.



        Potential weaknesses of this method:



        This method is vulnerable to the following:




        • Hardware based screen recording. It is possible to insert a device between the computer and the screen which will record everything sent to the screen. For example, this one. To protect against this, inspect the cable, and make sure there are no devices between the computer and the screen. Note however, that it is possible to install internal screen recording devices which would be much more difficult to detect. If you suspect this, then you may be able to circumvent them by unplugging the screen from the back of the computer, and reconnecting it to a different port.

        • Malicious firmware, BIOS, rootkit, etc. This is probably the most difficult vulnerability to defend against. If you suspect that the computer you are using has malicious firmware, don't use it! Find another way to login to the website, or don't login to it.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Dec 1 '18 at 2:38

























        answered Nov 30 '18 at 7:00









        daviewales

        33317




        33317








        • 3




          For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
          – Xen2050
          Nov 30 '18 at 11:41








        • 5




          "Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
          – Bergi
          Dec 2 '18 at 13:55






        • 1




          @Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
          – daviewales
          Dec 2 '18 at 21:16






        • 2




          "Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
          – Acccumulation
          Dec 3 '18 at 23:38






        • 1




          I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
          – Acccumulation
          Dec 5 '18 at 21:18
















        • 3




          For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
          – Xen2050
          Nov 30 '18 at 11:41








        • 5




          "Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
          – Bergi
          Dec 2 '18 at 13:55






        • 1




          @Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
          – daviewales
          Dec 2 '18 at 21:16






        • 2




          "Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
          – Acccumulation
          Dec 3 '18 at 23:38






        • 1




          I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
          – Acccumulation
          Dec 5 '18 at 21:18










        3




        3




        For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
        – Xen2050
        Nov 30 '18 at 11:41






        For unknown hardware, and since you don't seem to need the network properties of TAILS, using a more friendly and bootable distro like Mint or Ubuntu or other beginner-friendly one might be a lot more successful; TAILS might not have nearly as much luck booting on "new" unknown devices
        – Xen2050
        Nov 30 '18 at 11:41






        5




        5




        "Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
        – Bergi
        Dec 2 '18 at 13:55




        "Using the on-screen keyboard defends against hardware based key-loggers" - unless they include a mouse logger (for click coordinates etc) :-)
        – Bergi
        Dec 2 '18 at 13:55




        1




        1




        @Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
        – daviewales
        Dec 2 '18 at 21:16




        @Bergi Some possible defences against mouse loggers: Move the onscreen keyboard to a random location on the screen before each keypress. Switch to a random keyboard layout. Find an onscreen keyboard that scrambles the location of the keys.
        – daviewales
        Dec 2 '18 at 21:16




        2




        2




        "Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
        – Acccumulation
        Dec 3 '18 at 23:38




        "Using Tails means that you don't need to worry about any software that the hostile computer may have installed. Because you are completely bypassing it from boot." You're bypassing it only if the machine allows you to bypass it. That may be the behavior of standard hardware, but it's still depending on the hardware to not be malicious.
        – Acccumulation
        Dec 3 '18 at 23:38




        1




        1




        I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
        – Acccumulation
        Dec 5 '18 at 21:18






        I don't have any examples of anything that I know of actually been implemented, but there's nothing physically impossible about creating a device that reads a USB, emulates internally the software on the USB, then externally performs a MITM attack. That is, the device could have an internal virtual machine running the software on the USB and perform a MITM attack between the virtual machine and the user.
        – Acccumulation
        Dec 5 '18 at 21:18













        17














        Use SQRL



        If a website supports SQRL (https://www.grc.com/sqrl/sqrl.htm) then you have the option of having it display a QR code in the computer's browser that you let the SQRL app in your cell phone read, and thereby negotiate the authentication out of band.



        SQRL is not yet widely adopted, but this precise use case was designed in from the beginning. (The other main use case is a SQRL app on your computer working in concert with the browser). In neither case is a password transmitted; SQRL uses Elliptic Curve public/private key technology to sign a nonce presented by the server to prove the user has the private key associated with the public key stored on the server in the user's account info.



        EDIT: Because so few sites support SQRL, this is probably not a good answer as of Nov/Dec 2018, but it may be a good answer in the future. I don't think there is a secure way to log into a website on a computer under someone else's control (which may have a key/click-logger installed), which was one of the reasons SQRL was created in the first place. The out-of-band login approach, which does not rely upon the possibly-compromised computer to preserve a secret like a password, whether it be the specific form taken by the SQRL protocol or some competing scheme that uses the same general idea, is an essential component of any good answer.






        share|improve this answer























        • It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
          – today
          Nov 29 '18 at 21:54






        • 3




          The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
          – caw
          Nov 30 '18 at 1:28






        • 19




          security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
          – vidarlo
          Nov 30 '18 at 6:41








        • 4




          A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
          – schroeder
          Dec 3 '18 at 10:33






        • 2




          The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
          – Beanluc
          Dec 3 '18 at 18:45
















        17














        Use SQRL



        If a website supports SQRL (https://www.grc.com/sqrl/sqrl.htm) then you have the option of having it display a QR code in the computer's browser that you let the SQRL app in your cell phone read, and thereby negotiate the authentication out of band.



        SQRL is not yet widely adopted, but this precise use case was designed in from the beginning. (The other main use case is a SQRL app on your computer working in concert with the browser). In neither case is a password transmitted; SQRL uses Elliptic Curve public/private key technology to sign a nonce presented by the server to prove the user has the private key associated with the public key stored on the server in the user's account info.



        EDIT: Because so few sites support SQRL, this is probably not a good answer as of Nov/Dec 2018, but it may be a good answer in the future. I don't think there is a secure way to log into a website on a computer under someone else's control (which may have a key/click-logger installed), which was one of the reasons SQRL was created in the first place. The out-of-band login approach, which does not rely upon the possibly-compromised computer to preserve a secret like a password, whether it be the specific form taken by the SQRL protocol or some competing scheme that uses the same general idea, is an essential component of any good answer.






        share|improve this answer























        • It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
          – today
          Nov 29 '18 at 21:54






        • 3




          The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
          – caw
          Nov 30 '18 at 1:28






        • 19




          security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
          – vidarlo
          Nov 30 '18 at 6:41








        • 4




          A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
          – schroeder
          Dec 3 '18 at 10:33






        • 2




          The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
          – Beanluc
          Dec 3 '18 at 18:45














        17












        17








        17






        Use SQRL



        If a website supports SQRL (https://www.grc.com/sqrl/sqrl.htm) then you have the option of having it display a QR code in the computer's browser that you let the SQRL app in your cell phone read, and thereby negotiate the authentication out of band.



        SQRL is not yet widely adopted, but this precise use case was designed in from the beginning. (The other main use case is a SQRL app on your computer working in concert with the browser). In neither case is a password transmitted; SQRL uses Elliptic Curve public/private key technology to sign a nonce presented by the server to prove the user has the private key associated with the public key stored on the server in the user's account info.



        EDIT: Because so few sites support SQRL, this is probably not a good answer as of Nov/Dec 2018, but it may be a good answer in the future. I don't think there is a secure way to log into a website on a computer under someone else's control (which may have a key/click-logger installed), which was one of the reasons SQRL was created in the first place. The out-of-band login approach, which does not rely upon the possibly-compromised computer to preserve a secret like a password, whether it be the specific form taken by the SQRL protocol or some competing scheme that uses the same general idea, is an essential component of any good answer.






        share|improve this answer














        Use SQRL



        If a website supports SQRL (https://www.grc.com/sqrl/sqrl.htm) then you have the option of having it display a QR code in the computer's browser that you let the SQRL app in your cell phone read, and thereby negotiate the authentication out of band.



        SQRL is not yet widely adopted, but this precise use case was designed in from the beginning. (The other main use case is a SQRL app on your computer working in concert with the browser). In neither case is a password transmitted; SQRL uses Elliptic Curve public/private key technology to sign a nonce presented by the server to prove the user has the private key associated with the public key stored on the server in the user's account info.



        EDIT: Because so few sites support SQRL, this is probably not a good answer as of Nov/Dec 2018, but it may be a good answer in the future. I don't think there is a secure way to log into a website on a computer under someone else's control (which may have a key/click-logger installed), which was one of the reasons SQRL was created in the first place. The out-of-band login approach, which does not rely upon the possibly-compromised computer to preserve a secret like a password, whether it be the specific form taken by the SQRL protocol or some competing scheme that uses the same general idea, is an essential component of any good answer.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Dec 3 '18 at 18:56

























        answered Nov 29 '18 at 21:40









        Monty Harder

        48236




        48236












        • It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
          – today
          Nov 29 '18 at 21:54






        • 3




          The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
          – caw
          Nov 30 '18 at 1:28






        • 19




          security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
          – vidarlo
          Nov 30 '18 at 6:41








        • 4




          A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
          – schroeder
          Dec 3 '18 at 10:33






        • 2




          The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
          – Beanluc
          Dec 3 '18 at 18:45


















        • It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
          – today
          Nov 29 '18 at 21:54






        • 3




          The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
          – caw
          Nov 30 '18 at 1:28






        • 19




          security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
          – vidarlo
          Nov 30 '18 at 6:41








        • 4




          A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
          – schroeder
          Dec 3 '18 at 10:33






        • 2




          The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
          – Beanluc
          Dec 3 '18 at 18:45
















        It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
        – today
        Nov 29 '18 at 21:54




        It's a very interesting method! I was not aware of it at all. Thanks for mentioning it.
        – today
        Nov 29 '18 at 21:54




        3




        3




        The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
        – caw
        Nov 30 '18 at 1:28




        The concept is definitely interesting, although it may need some (more) peer review and usability testing in practice. Anyway, this solution is not practical today, and the author of the question seemed to ask mainly as a user and not as a developer. Try using this method with Google, Amazon or Facebook today.
        – caw
        Nov 30 '18 at 1:28




        19




        19




        security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
        – vidarlo
        Nov 30 '18 at 6:41






        security.blogoverflow.com/2013/10/debunking-sqrl - A well designed solution such as U2F is probably better than what Steve Gibson (which is largely a crank) managed to sting together by himself.
        – vidarlo
        Nov 30 '18 at 6:41






        4




        4




        A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
        – schroeder
        Dec 3 '18 at 10:33




        A note from a mod: SQRL has not had the best reputation since it first came out. We have had members inspect the architecture documents when it was first released and found it wanting. But it has been 5 years and we know that the developers have made changes as a result of the critiques, but we cannot find recent reviews. So, caveat emptor with SQRL. What is known is that there are more widely used and tested options available.
        – schroeder
        Dec 3 '18 at 10:33




        2




        2




        The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
        – Beanluc
        Dec 3 '18 at 18:45




        The reason this is a terrible answer has nothing to do with the merits of SQRL or its developer(s), but because it suggests that the end user has an option to "just use it" if they want. Doesn't work that way.
        – Beanluc
        Dec 3 '18 at 18:45











        5














        It is a major PIA, but relatively secure with respect to protecting your password. Mostly because it is such a PIA that nobody is likely to put together what is needed to capture it. Which means the caveat about security through obscurity likely applies here...




        1. Open text editor of choice.

        2. Type out the full alphabet in both upper and lower case.

        3. type out the full range of numbers and symbols that are available.

        4. Copy and paste letter by letter to enter your password on the web form.

        5. As an added layer of obfuscation, don't grab the letters in the same order as the final password


        I can think of a few techniques where I might be able to capture the password of someone using this technique, but none of them are what I would consider easy or straightforward.



        Also worth noting that this technique was originally suggested as a counter measure by my CEH instructor. It is not perfect, but it is a semi-decent option that doesn't require much in the way of prior preparation.






        share|improve this answer

















        • 19




          Surely an off-the-shelf screen recorder would counter this?
          – Draconis
          Nov 29 '18 at 20:20










        • Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
          – today
          Nov 29 '18 at 20:40






        • 3




          @Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
          – Rozwel
          Nov 29 '18 at 20:44








        • 7




          A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
          – Nathan Goings
          Nov 29 '18 at 21:39






        • 1




          @NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
          – JoL
          Nov 29 '18 at 21:43
















        5














        It is a major PIA, but relatively secure with respect to protecting your password. Mostly because it is such a PIA that nobody is likely to put together what is needed to capture it. Which means the caveat about security through obscurity likely applies here...




        1. Open text editor of choice.

        2. Type out the full alphabet in both upper and lower case.

        3. type out the full range of numbers and symbols that are available.

        4. Copy and paste letter by letter to enter your password on the web form.

        5. As an added layer of obfuscation, don't grab the letters in the same order as the final password


        I can think of a few techniques where I might be able to capture the password of someone using this technique, but none of them are what I would consider easy or straightforward.



        Also worth noting that this technique was originally suggested as a counter measure by my CEH instructor. It is not perfect, but it is a semi-decent option that doesn't require much in the way of prior preparation.






        share|improve this answer

















        • 19




          Surely an off-the-shelf screen recorder would counter this?
          – Draconis
          Nov 29 '18 at 20:20










        • Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
          – today
          Nov 29 '18 at 20:40






        • 3




          @Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
          – Rozwel
          Nov 29 '18 at 20:44








        • 7




          A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
          – Nathan Goings
          Nov 29 '18 at 21:39






        • 1




          @NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
          – JoL
          Nov 29 '18 at 21:43














        5












        5








        5






        It is a major PIA, but relatively secure with respect to protecting your password. Mostly because it is such a PIA that nobody is likely to put together what is needed to capture it. Which means the caveat about security through obscurity likely applies here...




        1. Open text editor of choice.

        2. Type out the full alphabet in both upper and lower case.

        3. type out the full range of numbers and symbols that are available.

        4. Copy and paste letter by letter to enter your password on the web form.

        5. As an added layer of obfuscation, don't grab the letters in the same order as the final password


        I can think of a few techniques where I might be able to capture the password of someone using this technique, but none of them are what I would consider easy or straightforward.



        Also worth noting that this technique was originally suggested as a counter measure by my CEH instructor. It is not perfect, but it is a semi-decent option that doesn't require much in the way of prior preparation.






        share|improve this answer












        It is a major PIA, but relatively secure with respect to protecting your password. Mostly because it is such a PIA that nobody is likely to put together what is needed to capture it. Which means the caveat about security through obscurity likely applies here...




        1. Open text editor of choice.

        2. Type out the full alphabet in both upper and lower case.

        3. type out the full range of numbers and symbols that are available.

        4. Copy and paste letter by letter to enter your password on the web form.

        5. As an added layer of obfuscation, don't grab the letters in the same order as the final password


        I can think of a few techniques where I might be able to capture the password of someone using this technique, but none of them are what I would consider easy or straightforward.



        Also worth noting that this technique was originally suggested as a counter measure by my CEH instructor. It is not perfect, but it is a semi-decent option that doesn't require much in the way of prior preparation.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 29 '18 at 20:15









        Rozwel

        1832




        1832








        • 19




          Surely an off-the-shelf screen recorder would counter this?
          – Draconis
          Nov 29 '18 at 20:20










        • Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
          – today
          Nov 29 '18 at 20:40






        • 3




          @Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
          – Rozwel
          Nov 29 '18 at 20:44








        • 7




          A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
          – Nathan Goings
          Nov 29 '18 at 21:39






        • 1




          @NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
          – JoL
          Nov 29 '18 at 21:43














        • 19




          Surely an off-the-shelf screen recorder would counter this?
          – Draconis
          Nov 29 '18 at 20:20










        • Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
          – today
          Nov 29 '18 at 20:40






        • 3




          @Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
          – Rozwel
          Nov 29 '18 at 20:44








        • 7




          A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
          – Nathan Goings
          Nov 29 '18 at 21:39






        • 1




          @NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
          – JoL
          Nov 29 '18 at 21:43








        19




        19




        Surely an off-the-shelf screen recorder would counter this?
        – Draconis
        Nov 29 '18 at 20:20




        Surely an off-the-shelf screen recorder would counter this?
        – Draconis
        Nov 29 '18 at 20:20












        Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
        – today
        Nov 29 '18 at 20:40




        Interesting solution, especially that I see it was recommended by your CEH instructor! Actually, I was thinking about such a solution before you post this but then I thought maybe it is a bit weird! Of course, as @Draconis mentioned, an screen recorder might be able to counter this as well.
        – today
        Nov 29 '18 at 20:40




        3




        3




        @Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
        – Rozwel
        Nov 29 '18 at 20:44






        @Draconis probably, hadn't considered that option but high chance it would work. I had my doubts when this was suggested by the instructor, but it is better than nothing, and does protect against most keystroke loggers. But if I were wanting to capture someone's login credentials for a web site I would use a browser extension or proxy to log the post data. Making all of this worthless...
        – Rozwel
        Nov 29 '18 at 20:44






        7




        7




        A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
        – Nathan Goings
        Nov 29 '18 at 21:39




        A clipboard logger would work very well up until step 5. Most packaged malware I've seen includes a clipboard logger with keylogger.
        – Nathan Goings
        Nov 29 '18 at 21:39




        1




        1




        @NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
        – JoL
        Nov 29 '18 at 21:43




        @NathanGoings It's not like there would be that many permutations. Checking every combination one by one seems trivial.
        – JoL
        Nov 29 '18 at 21:43











        5














        There is one thing you can do on sites that allow it (Google being one): Use a "have" factor of authentication, such as TOTP or a mobile app to approve logins. You don't have to use 2FA - that can be your only factor. I have some of my non-critical servers set to allow password OR totp, so I can log in with one or the other, without needing both. While, as others pointed out, that doesn't make you completely secure (after you log in the attacker could disable input and do whatever they want now that you're logged in), it prevents disclosing any passwords.






        share|improve this answer





















        • This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
          – miroxlav
          Dec 4 '18 at 2:29












        • @miroxlav It can't. But as I said, at least one major company supports it.
          – Duncan X Simpson
          Dec 4 '18 at 2:34
















        5














        There is one thing you can do on sites that allow it (Google being one): Use a "have" factor of authentication, such as TOTP or a mobile app to approve logins. You don't have to use 2FA - that can be your only factor. I have some of my non-critical servers set to allow password OR totp, so I can log in with one or the other, without needing both. While, as others pointed out, that doesn't make you completely secure (after you log in the attacker could disable input and do whatever they want now that you're logged in), it prevents disclosing any passwords.






        share|improve this answer





















        • This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
          – miroxlav
          Dec 4 '18 at 2:29












        • @miroxlav It can't. But as I said, at least one major company supports it.
          – Duncan X Simpson
          Dec 4 '18 at 2:34














        5












        5








        5






        There is one thing you can do on sites that allow it (Google being one): Use a "have" factor of authentication, such as TOTP or a mobile app to approve logins. You don't have to use 2FA - that can be your only factor. I have some of my non-critical servers set to allow password OR totp, so I can log in with one or the other, without needing both. While, as others pointed out, that doesn't make you completely secure (after you log in the attacker could disable input and do whatever they want now that you're logged in), it prevents disclosing any passwords.






        share|improve this answer












        There is one thing you can do on sites that allow it (Google being one): Use a "have" factor of authentication, such as TOTP or a mobile app to approve logins. You don't have to use 2FA - that can be your only factor. I have some of my non-critical servers set to allow password OR totp, so I can log in with one or the other, without needing both. While, as others pointed out, that doesn't make you completely secure (after you log in the attacker could disable input and do whatever they want now that you're logged in), it prevents disclosing any passwords.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 29 '18 at 20:26









        Duncan X Simpson

        232213




        232213












        • This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
          – miroxlav
          Dec 4 '18 at 2:29












        • @miroxlav It can't. But as I said, at least one major company supports it.
          – Duncan X Simpson
          Dec 4 '18 at 2:34


















        • This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
          – miroxlav
          Dec 4 '18 at 2:29












        • @miroxlav It can't. But as I said, at least one major company supports it.
          – Duncan X Simpson
          Dec 4 '18 at 2:34
















        This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
        – miroxlav
        Dec 4 '18 at 2:29






        This may be limited to their own server where they can set up the security as they want. But how this can be used when logging into website of Company X if they still support only authentication using plain user name and password?
        – miroxlav
        Dec 4 '18 at 2:29














        @miroxlav It can't. But as I said, at least one major company supports it.
        – Duncan X Simpson
        Dec 4 '18 at 2:34




        @miroxlav It can't. But as I said, at least one major company supports it.
        – Duncan X Simpson
        Dec 4 '18 at 2:34











        4














        If you need to login using someone else's computer, there is no certain way to know for certain if there is any form of spying software. Even if it is someone you trust, they could be infected with a virus or a similar nefarious device, and it can be hard to impossible to know if it is infected. Always assume that a nefarious entity will still be able to view/access anything that happens on the computer. Here are a few ways you can try to mitigate the risks.



        There is no possible way to ensure that the person's OS is not compromised. You can look at the running processes, examine call stacks, network requests or anything, but spyware programs can be extremely well disguised. The best possible solution is to boot from a live USB stick using a linux distribution such as Ubuntu, puppy linux or Kali linux. This means that you should have full control of the software running on the computer, although a determined hacker could insert malicious code into the BIOS or bootloader of the computer, changing the actual code of the operating system.



        Mitigation of Hardware based vulnerabilities




        • Check the cable between the computer and the display. A device can be inserted in between them allowing a hacker to see the display output.

        • Avoid using a wireless keyboard or mouse. The signal can be intercepted between the transmitter and receiver, exposing keystrokes and mouse movements, even via a separate device.

        • Plug any USB devices directly into the motherboard. Don't use a PCIe slot, as the device could be storing/transmitting keystrokes/commands. The same applies to front panel connectors.

        • Use a different keyboard, if possible. Devices can take the sounds of individual keys being pressed to decipher which key it was. Unplug any microphones connected to the computer, just in case.

        • Look to see if there are any extra PCIe or serial port devices plugged in. Ensure only the required ones are plugged in, just in case.


        Software methods of decreasing the risk




        • Ensure you connect to a secured WiFi network, or ethernet, if you know it is safe. It is probably better to use mobile data, and a mobile hotspot, if possible, so you don't have to rely on their internet connection. Use a USB cable as well, if possible, so you don't run the risk of an alternative WiFi connection intercepting the signal instead.

        • Use SSL. This is obvious, but you must ensure the certificate authority is the one that you would expect to see, as it is possible for an entity to insert a self-signed certificate into the chain.


        The last thing is that you should, if possible, temporarily change your password (maybe using your phone) while you login using that computer, then change it back afterwards, so if the password is compromised, it will not be usable after it is changed back.






        share|improve this answer


























          4














          If you need to login using someone else's computer, there is no certain way to know for certain if there is any form of spying software. Even if it is someone you trust, they could be infected with a virus or a similar nefarious device, and it can be hard to impossible to know if it is infected. Always assume that a nefarious entity will still be able to view/access anything that happens on the computer. Here are a few ways you can try to mitigate the risks.



          There is no possible way to ensure that the person's OS is not compromised. You can look at the running processes, examine call stacks, network requests or anything, but spyware programs can be extremely well disguised. The best possible solution is to boot from a live USB stick using a linux distribution such as Ubuntu, puppy linux or Kali linux. This means that you should have full control of the software running on the computer, although a determined hacker could insert malicious code into the BIOS or bootloader of the computer, changing the actual code of the operating system.



          Mitigation of Hardware based vulnerabilities




          • Check the cable between the computer and the display. A device can be inserted in between them allowing a hacker to see the display output.

          • Avoid using a wireless keyboard or mouse. The signal can be intercepted between the transmitter and receiver, exposing keystrokes and mouse movements, even via a separate device.

          • Plug any USB devices directly into the motherboard. Don't use a PCIe slot, as the device could be storing/transmitting keystrokes/commands. The same applies to front panel connectors.

          • Use a different keyboard, if possible. Devices can take the sounds of individual keys being pressed to decipher which key it was. Unplug any microphones connected to the computer, just in case.

          • Look to see if there are any extra PCIe or serial port devices plugged in. Ensure only the required ones are plugged in, just in case.


          Software methods of decreasing the risk




          • Ensure you connect to a secured WiFi network, or ethernet, if you know it is safe. It is probably better to use mobile data, and a mobile hotspot, if possible, so you don't have to rely on their internet connection. Use a USB cable as well, if possible, so you don't run the risk of an alternative WiFi connection intercepting the signal instead.

          • Use SSL. This is obvious, but you must ensure the certificate authority is the one that you would expect to see, as it is possible for an entity to insert a self-signed certificate into the chain.


          The last thing is that you should, if possible, temporarily change your password (maybe using your phone) while you login using that computer, then change it back afterwards, so if the password is compromised, it will not be usable after it is changed back.






          share|improve this answer
























            4












            4








            4






            If you need to login using someone else's computer, there is no certain way to know for certain if there is any form of spying software. Even if it is someone you trust, they could be infected with a virus or a similar nefarious device, and it can be hard to impossible to know if it is infected. Always assume that a nefarious entity will still be able to view/access anything that happens on the computer. Here are a few ways you can try to mitigate the risks.



            There is no possible way to ensure that the person's OS is not compromised. You can look at the running processes, examine call stacks, network requests or anything, but spyware programs can be extremely well disguised. The best possible solution is to boot from a live USB stick using a linux distribution such as Ubuntu, puppy linux or Kali linux. This means that you should have full control of the software running on the computer, although a determined hacker could insert malicious code into the BIOS or bootloader of the computer, changing the actual code of the operating system.



            Mitigation of Hardware based vulnerabilities




            • Check the cable between the computer and the display. A device can be inserted in between them allowing a hacker to see the display output.

            • Avoid using a wireless keyboard or mouse. The signal can be intercepted between the transmitter and receiver, exposing keystrokes and mouse movements, even via a separate device.

            • Plug any USB devices directly into the motherboard. Don't use a PCIe slot, as the device could be storing/transmitting keystrokes/commands. The same applies to front panel connectors.

            • Use a different keyboard, if possible. Devices can take the sounds of individual keys being pressed to decipher which key it was. Unplug any microphones connected to the computer, just in case.

            • Look to see if there are any extra PCIe or serial port devices plugged in. Ensure only the required ones are plugged in, just in case.


            Software methods of decreasing the risk




            • Ensure you connect to a secured WiFi network, or ethernet, if you know it is safe. It is probably better to use mobile data, and a mobile hotspot, if possible, so you don't have to rely on their internet connection. Use a USB cable as well, if possible, so you don't run the risk of an alternative WiFi connection intercepting the signal instead.

            • Use SSL. This is obvious, but you must ensure the certificate authority is the one that you would expect to see, as it is possible for an entity to insert a self-signed certificate into the chain.


            The last thing is that you should, if possible, temporarily change your password (maybe using your phone) while you login using that computer, then change it back afterwards, so if the password is compromised, it will not be usable after it is changed back.






            share|improve this answer












            If you need to login using someone else's computer, there is no certain way to know for certain if there is any form of spying software. Even if it is someone you trust, they could be infected with a virus or a similar nefarious device, and it can be hard to impossible to know if it is infected. Always assume that a nefarious entity will still be able to view/access anything that happens on the computer. Here are a few ways you can try to mitigate the risks.



            There is no possible way to ensure that the person's OS is not compromised. You can look at the running processes, examine call stacks, network requests or anything, but spyware programs can be extremely well disguised. The best possible solution is to boot from a live USB stick using a linux distribution such as Ubuntu, puppy linux or Kali linux. This means that you should have full control of the software running on the computer, although a determined hacker could insert malicious code into the BIOS or bootloader of the computer, changing the actual code of the operating system.



            Mitigation of Hardware based vulnerabilities




            • Check the cable between the computer and the display. A device can be inserted in between them allowing a hacker to see the display output.

            • Avoid using a wireless keyboard or mouse. The signal can be intercepted between the transmitter and receiver, exposing keystrokes and mouse movements, even via a separate device.

            • Plug any USB devices directly into the motherboard. Don't use a PCIe slot, as the device could be storing/transmitting keystrokes/commands. The same applies to front panel connectors.

            • Use a different keyboard, if possible. Devices can take the sounds of individual keys being pressed to decipher which key it was. Unplug any microphones connected to the computer, just in case.

            • Look to see if there are any extra PCIe or serial port devices plugged in. Ensure only the required ones are plugged in, just in case.


            Software methods of decreasing the risk




            • Ensure you connect to a secured WiFi network, or ethernet, if you know it is safe. It is probably better to use mobile data, and a mobile hotspot, if possible, so you don't have to rely on their internet connection. Use a USB cable as well, if possible, so you don't run the risk of an alternative WiFi connection intercepting the signal instead.

            • Use SSL. This is obvious, but you must ensure the certificate authority is the one that you would expect to see, as it is possible for an entity to insert a self-signed certificate into the chain.


            The last thing is that you should, if possible, temporarily change your password (maybe using your phone) while you login using that computer, then change it back afterwards, so if the password is compromised, it will not be usable after it is changed back.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Dec 1 '18 at 10:12









            Theoremiser

            1413




            1413























                4














                The best way to protect yourself is to tell the person that you are not comfortable entering your password at their computer.



                If you have probable cause or general paranoia then do not perform unsafe actions.



                Expecting to thoroughly detect and/or mitigate all threat models in a matter of seconds is ludicrous.





                What is the threat model anyways?




                • Do you not trust the person?

                • Do you not trust the computer?

                • Are you trying to prevent their access from the particular website which you are logging in to?

                • Are you trying to prevent the discovery of your password because you reuse it for a hundred other services such as personal banking?

                • Are you simply trying to figure out a universal way to not be compromised regardless of which foreign computer you encounter in the future?

                • Are you trying to prevent the details of the post-login screen from being recorded? You may wish to sweep the area for any hidden video recording devices in the ceiling.






                share|improve this answer























                • I think the OP is worrying about foreign immigration officers asking him to show his social media
                  – usr-local-ΕΨΗΕΛΩΝ
                  Dec 3 '18 at 8:26
















                4














                The best way to protect yourself is to tell the person that you are not comfortable entering your password at their computer.



                If you have probable cause or general paranoia then do not perform unsafe actions.



                Expecting to thoroughly detect and/or mitigate all threat models in a matter of seconds is ludicrous.





                What is the threat model anyways?




                • Do you not trust the person?

                • Do you not trust the computer?

                • Are you trying to prevent their access from the particular website which you are logging in to?

                • Are you trying to prevent the discovery of your password because you reuse it for a hundred other services such as personal banking?

                • Are you simply trying to figure out a universal way to not be compromised regardless of which foreign computer you encounter in the future?

                • Are you trying to prevent the details of the post-login screen from being recorded? You may wish to sweep the area for any hidden video recording devices in the ceiling.






                share|improve this answer























                • I think the OP is worrying about foreign immigration officers asking him to show his social media
                  – usr-local-ΕΨΗΕΛΩΝ
                  Dec 3 '18 at 8:26














                4












                4








                4






                The best way to protect yourself is to tell the person that you are not comfortable entering your password at their computer.



                If you have probable cause or general paranoia then do not perform unsafe actions.



                Expecting to thoroughly detect and/or mitigate all threat models in a matter of seconds is ludicrous.





                What is the threat model anyways?




                • Do you not trust the person?

                • Do you not trust the computer?

                • Are you trying to prevent their access from the particular website which you are logging in to?

                • Are you trying to prevent the discovery of your password because you reuse it for a hundred other services such as personal banking?

                • Are you simply trying to figure out a universal way to not be compromised regardless of which foreign computer you encounter in the future?

                • Are you trying to prevent the details of the post-login screen from being recorded? You may wish to sweep the area for any hidden video recording devices in the ceiling.






                share|improve this answer














                The best way to protect yourself is to tell the person that you are not comfortable entering your password at their computer.



                If you have probable cause or general paranoia then do not perform unsafe actions.



                Expecting to thoroughly detect and/or mitigate all threat models in a matter of seconds is ludicrous.





                What is the threat model anyways?




                • Do you not trust the person?

                • Do you not trust the computer?

                • Are you trying to prevent their access from the particular website which you are logging in to?

                • Are you trying to prevent the discovery of your password because you reuse it for a hundred other services such as personal banking?

                • Are you simply trying to figure out a universal way to not be compromised regardless of which foreign computer you encounter in the future?

                • Are you trying to prevent the details of the post-login screen from being recorded? You may wish to sweep the area for any hidden video recording devices in the ceiling.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Dec 3 '18 at 13:54

























                answered Nov 30 '18 at 14:01









                MonkeyZeus

                288210




                288210












                • I think the OP is worrying about foreign immigration officers asking him to show his social media
                  – usr-local-ΕΨΗΕΛΩΝ
                  Dec 3 '18 at 8:26


















                • I think the OP is worrying about foreign immigration officers asking him to show his social media
                  – usr-local-ΕΨΗΕΛΩΝ
                  Dec 3 '18 at 8:26
















                I think the OP is worrying about foreign immigration officers asking him to show his social media
                – usr-local-ΕΨΗΕΛΩΝ
                Dec 3 '18 at 8:26




                I think the OP is worrying about foreign immigration officers asking him to show his social media
                – usr-local-ΕΨΗΕΛΩΝ
                Dec 3 '18 at 8:26











                2














                You don't specify whether you need to login via someone's computer because you:




                1. Need their OS/software, e.g. you are setting up / fixing someone's computer and you need to fetch some data from your private server.

                2. Need their hardware (e.g. you are allowed network access based on their MAC address or other factors that exist only on the machine you want to use.

                3. Need their network (e.g. you need to be inside their LAN, but with your own device)

                4. Don't need their network or device at all, it is just convenient for you to use their computer.


                The optimal way of addressing these concerns is, in the reverse order:



                Case 4. Bring your laptop/phone/tablet and use 3G/4G connection to access the internet. Done.



                Case 3. Bring your laptop, properly secure it (antivirus, firewall, etc), plug it into their network. Done.



                Case 2. Inspect their hardware for any hardware loggers, boot your own OS (some kind of live distribution). If you missed the hardware logger, you have the problem.



                Case 1. Also helps with Case 2.




                • a) Require Administrator/root access.


                • b) Enable firewall, set it to paranoidly strict mode, allow only connections to your target server.


                • c) Change your access password via your 3G/4G phone to something temporary,


                • d) Access the server, use 2FA


                • e) delete the traces (cookies, any temporary files that could hide credentials, unique IDs,tc)


                • f) Change password back via your 3G/4G phone


                • g) Set the firewall back to normal.



                Now firewall may be compromised as well by a rootkit, so for more paranoid, or in case you don't get Admin/root access:




                • a) Build your custom router using Raspberry Pi or similar device, add additional ethernet port using Ethernet2USB adapter. (of course, really security conscious pro would have Linux on their laptop anyway, so just add Ethernet2USB port and proceed without Raspberry.


                • b) Plug their computer into your Raspberry, get the MAC address, clone it to the other (outbound) side.


                • c) Set up strict routing and firewall on the Linux, allow only access to your server, and route one NIC to another.


                • d) Set up MITM sniffing and install your certificate to your server on their machine. Your certificate is MITM certificate, the fake one you generated!


                • e) Proceed as in previously described in 1c) and on.


                • f) Log any bloody byte that traverses your mini router so you can confront them if they try something nasty.



                The reasoning behind this suggestion is that the host computer probably does not have the full suite of tools to attack your account. Keylogger will log the keys to your temporary password, but will be unable to forward the data to the bad guy sitting in the other room. If it does and tries to hack your server, you will have any hack attempt logged in plaintext, any you can either confront them or undo the damage (they changed the plaintext, but you have logged the change!). Note hat only your server will be available to their computer in the critical time, so either their computer tries hacking solo, or nothing will happen.



                I would appreciate feedback on that route, if I perhaps missed something.






                share|improve this answer


























                  2














                  You don't specify whether you need to login via someone's computer because you:




                  1. Need their OS/software, e.g. you are setting up / fixing someone's computer and you need to fetch some data from your private server.

                  2. Need their hardware (e.g. you are allowed network access based on their MAC address or other factors that exist only on the machine you want to use.

                  3. Need their network (e.g. you need to be inside their LAN, but with your own device)

                  4. Don't need their network or device at all, it is just convenient for you to use their computer.


                  The optimal way of addressing these concerns is, in the reverse order:



                  Case 4. Bring your laptop/phone/tablet and use 3G/4G connection to access the internet. Done.



                  Case 3. Bring your laptop, properly secure it (antivirus, firewall, etc), plug it into their network. Done.



                  Case 2. Inspect their hardware for any hardware loggers, boot your own OS (some kind of live distribution). If you missed the hardware logger, you have the problem.



                  Case 1. Also helps with Case 2.




                  • a) Require Administrator/root access.


                  • b) Enable firewall, set it to paranoidly strict mode, allow only connections to your target server.


                  • c) Change your access password via your 3G/4G phone to something temporary,


                  • d) Access the server, use 2FA


                  • e) delete the traces (cookies, any temporary files that could hide credentials, unique IDs,tc)


                  • f) Change password back via your 3G/4G phone


                  • g) Set the firewall back to normal.



                  Now firewall may be compromised as well by a rootkit, so for more paranoid, or in case you don't get Admin/root access:




                  • a) Build your custom router using Raspberry Pi or similar device, add additional ethernet port using Ethernet2USB adapter. (of course, really security conscious pro would have Linux on their laptop anyway, so just add Ethernet2USB port and proceed without Raspberry.


                  • b) Plug their computer into your Raspberry, get the MAC address, clone it to the other (outbound) side.


                  • c) Set up strict routing and firewall on the Linux, allow only access to your server, and route one NIC to another.


                  • d) Set up MITM sniffing and install your certificate to your server on their machine. Your certificate is MITM certificate, the fake one you generated!


                  • e) Proceed as in previously described in 1c) and on.


                  • f) Log any bloody byte that traverses your mini router so you can confront them if they try something nasty.



                  The reasoning behind this suggestion is that the host computer probably does not have the full suite of tools to attack your account. Keylogger will log the keys to your temporary password, but will be unable to forward the data to the bad guy sitting in the other room. If it does and tries to hack your server, you will have any hack attempt logged in plaintext, any you can either confront them or undo the damage (they changed the plaintext, but you have logged the change!). Note hat only your server will be available to their computer in the critical time, so either their computer tries hacking solo, or nothing will happen.



                  I would appreciate feedback on that route, if I perhaps missed something.






                  share|improve this answer
























                    2












                    2








                    2






                    You don't specify whether you need to login via someone's computer because you:




                    1. Need their OS/software, e.g. you are setting up / fixing someone's computer and you need to fetch some data from your private server.

                    2. Need their hardware (e.g. you are allowed network access based on their MAC address or other factors that exist only on the machine you want to use.

                    3. Need their network (e.g. you need to be inside their LAN, but with your own device)

                    4. Don't need their network or device at all, it is just convenient for you to use their computer.


                    The optimal way of addressing these concerns is, in the reverse order:



                    Case 4. Bring your laptop/phone/tablet and use 3G/4G connection to access the internet. Done.



                    Case 3. Bring your laptop, properly secure it (antivirus, firewall, etc), plug it into their network. Done.



                    Case 2. Inspect their hardware for any hardware loggers, boot your own OS (some kind of live distribution). If you missed the hardware logger, you have the problem.



                    Case 1. Also helps with Case 2.




                    • a) Require Administrator/root access.


                    • b) Enable firewall, set it to paranoidly strict mode, allow only connections to your target server.


                    • c) Change your access password via your 3G/4G phone to something temporary,


                    • d) Access the server, use 2FA


                    • e) delete the traces (cookies, any temporary files that could hide credentials, unique IDs,tc)


                    • f) Change password back via your 3G/4G phone


                    • g) Set the firewall back to normal.



                    Now firewall may be compromised as well by a rootkit, so for more paranoid, or in case you don't get Admin/root access:




                    • a) Build your custom router using Raspberry Pi or similar device, add additional ethernet port using Ethernet2USB adapter. (of course, really security conscious pro would have Linux on their laptop anyway, so just add Ethernet2USB port and proceed without Raspberry.


                    • b) Plug their computer into your Raspberry, get the MAC address, clone it to the other (outbound) side.


                    • c) Set up strict routing and firewall on the Linux, allow only access to your server, and route one NIC to another.


                    • d) Set up MITM sniffing and install your certificate to your server on their machine. Your certificate is MITM certificate, the fake one you generated!


                    • e) Proceed as in previously described in 1c) and on.


                    • f) Log any bloody byte that traverses your mini router so you can confront them if they try something nasty.



                    The reasoning behind this suggestion is that the host computer probably does not have the full suite of tools to attack your account. Keylogger will log the keys to your temporary password, but will be unable to forward the data to the bad guy sitting in the other room. If it does and tries to hack your server, you will have any hack attempt logged in plaintext, any you can either confront them or undo the damage (they changed the plaintext, but you have logged the change!). Note hat only your server will be available to their computer in the critical time, so either their computer tries hacking solo, or nothing will happen.



                    I would appreciate feedback on that route, if I perhaps missed something.






                    share|improve this answer












                    You don't specify whether you need to login via someone's computer because you:




                    1. Need their OS/software, e.g. you are setting up / fixing someone's computer and you need to fetch some data from your private server.

                    2. Need their hardware (e.g. you are allowed network access based on their MAC address or other factors that exist only on the machine you want to use.

                    3. Need their network (e.g. you need to be inside their LAN, but with your own device)

                    4. Don't need their network or device at all, it is just convenient for you to use their computer.


                    The optimal way of addressing these concerns is, in the reverse order:



                    Case 4. Bring your laptop/phone/tablet and use 3G/4G connection to access the internet. Done.



                    Case 3. Bring your laptop, properly secure it (antivirus, firewall, etc), plug it into their network. Done.



                    Case 2. Inspect their hardware for any hardware loggers, boot your own OS (some kind of live distribution). If you missed the hardware logger, you have the problem.



                    Case 1. Also helps with Case 2.




                    • a) Require Administrator/root access.


                    • b) Enable firewall, set it to paranoidly strict mode, allow only connections to your target server.


                    • c) Change your access password via your 3G/4G phone to something temporary,


                    • d) Access the server, use 2FA


                    • e) delete the traces (cookies, any temporary files that could hide credentials, unique IDs,tc)


                    • f) Change password back via your 3G/4G phone


                    • g) Set the firewall back to normal.



                    Now firewall may be compromised as well by a rootkit, so for more paranoid, or in case you don't get Admin/root access:




                    • a) Build your custom router using Raspberry Pi or similar device, add additional ethernet port using Ethernet2USB adapter. (of course, really security conscious pro would have Linux on their laptop anyway, so just add Ethernet2USB port and proceed without Raspberry.


                    • b) Plug their computer into your Raspberry, get the MAC address, clone it to the other (outbound) side.


                    • c) Set up strict routing and firewall on the Linux, allow only access to your server, and route one NIC to another.


                    • d) Set up MITM sniffing and install your certificate to your server on their machine. Your certificate is MITM certificate, the fake one you generated!


                    • e) Proceed as in previously described in 1c) and on.


                    • f) Log any bloody byte that traverses your mini router so you can confront them if they try something nasty.



                    The reasoning behind this suggestion is that the host computer probably does not have the full suite of tools to attack your account. Keylogger will log the keys to your temporary password, but will be unable to forward the data to the bad guy sitting in the other room. If it does and tries to hack your server, you will have any hack attempt logged in plaintext, any you can either confront them or undo the damage (they changed the plaintext, but you have logged the change!). Note hat only your server will be available to their computer in the critical time, so either their computer tries hacking solo, or nothing will happen.



                    I would appreciate feedback on that route, if I perhaps missed something.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Dec 3 '18 at 18:32









                    xmp125a

                    40714




                    40714























                        1














                        In theory, if the site doesn't provide you a better way to do this, there is still a way: login on a device that is under your control, and transfer the session cookie you receive from that device to the untrusted computer. This will allow the untrusted computer to perform any operation you can perform on the site once logged in, but unless the site has fatally bad security design, it will not allow the untrusted computer to change your password, change the email address associated with the account, or perform other account-takeover operations.



                        Once you're done, you can use the trusted device you control to log out its session cookie (which you copied from it) by performing the logout operation there, or perform a "logout all devices" operation if the site provides such a feature.



                        Note that under this scheme, your password is never entered on the untrusted computer, and thereby it has no means of recording/capturing it. At best it can capture the session cookie, which you will invalidate by logging out using the trusted device once you're done.






                        share|improve this answer


























                          1














                          In theory, if the site doesn't provide you a better way to do this, there is still a way: login on a device that is under your control, and transfer the session cookie you receive from that device to the untrusted computer. This will allow the untrusted computer to perform any operation you can perform on the site once logged in, but unless the site has fatally bad security design, it will not allow the untrusted computer to change your password, change the email address associated with the account, or perform other account-takeover operations.



                          Once you're done, you can use the trusted device you control to log out its session cookie (which you copied from it) by performing the logout operation there, or perform a "logout all devices" operation if the site provides such a feature.



                          Note that under this scheme, your password is never entered on the untrusted computer, and thereby it has no means of recording/capturing it. At best it can capture the session cookie, which you will invalidate by logging out using the trusted device once you're done.






                          share|improve this answer
























                            1












                            1








                            1






                            In theory, if the site doesn't provide you a better way to do this, there is still a way: login on a device that is under your control, and transfer the session cookie you receive from that device to the untrusted computer. This will allow the untrusted computer to perform any operation you can perform on the site once logged in, but unless the site has fatally bad security design, it will not allow the untrusted computer to change your password, change the email address associated with the account, or perform other account-takeover operations.



                            Once you're done, you can use the trusted device you control to log out its session cookie (which you copied from it) by performing the logout operation there, or perform a "logout all devices" operation if the site provides such a feature.



                            Note that under this scheme, your password is never entered on the untrusted computer, and thereby it has no means of recording/capturing it. At best it can capture the session cookie, which you will invalidate by logging out using the trusted device once you're done.






                            share|improve this answer












                            In theory, if the site doesn't provide you a better way to do this, there is still a way: login on a device that is under your control, and transfer the session cookie you receive from that device to the untrusted computer. This will allow the untrusted computer to perform any operation you can perform on the site once logged in, but unless the site has fatally bad security design, it will not allow the untrusted computer to change your password, change the email address associated with the account, or perform other account-takeover operations.



                            Once you're done, you can use the trusted device you control to log out its session cookie (which you copied from it) by performing the logout operation there, or perform a "logout all devices" operation if the site provides such a feature.



                            Note that under this scheme, your password is never entered on the untrusted computer, and thereby it has no means of recording/capturing it. At best it can capture the session cookie, which you will invalidate by logging out using the trusted device once you're done.







                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered Dec 3 '18 at 3:29









                            R..

                            4,59611418




                            4,59611418























                                0














                                If you trust that person, go ahead and use their computer. Consider creating a separate browser profile which you can wipe clean after you're done without erasing that person's cookies / settings / whatever. Take note of any attachments you download so that you can remove these as well. Don't just open attached files, unless you want to play detective figuring out which of the possible "temp" locations was used to store them. And avoid manipulating any sensitive data which is not related to the purpose forcing you to use someone else's computer.



                                If you don't trust the person, don't use their computer. There's no way of securing an unknown computer 100%, and even less so without doing things which will make the other person suspect that you're trying to hack them. At which point you will probably be denied to use their computer anyway.






                                share|improve this answer

















                                • 4




                                  I trust my grandmother. I do not trust that her computer is clean.
                                  – schroeder
                                  Dec 3 '18 at 13:49
















                                0














                                If you trust that person, go ahead and use their computer. Consider creating a separate browser profile which you can wipe clean after you're done without erasing that person's cookies / settings / whatever. Take note of any attachments you download so that you can remove these as well. Don't just open attached files, unless you want to play detective figuring out which of the possible "temp" locations was used to store them. And avoid manipulating any sensitive data which is not related to the purpose forcing you to use someone else's computer.



                                If you don't trust the person, don't use their computer. There's no way of securing an unknown computer 100%, and even less so without doing things which will make the other person suspect that you're trying to hack them. At which point you will probably be denied to use their computer anyway.






                                share|improve this answer

















                                • 4




                                  I trust my grandmother. I do not trust that her computer is clean.
                                  – schroeder
                                  Dec 3 '18 at 13:49














                                0












                                0








                                0






                                If you trust that person, go ahead and use their computer. Consider creating a separate browser profile which you can wipe clean after you're done without erasing that person's cookies / settings / whatever. Take note of any attachments you download so that you can remove these as well. Don't just open attached files, unless you want to play detective figuring out which of the possible "temp" locations was used to store them. And avoid manipulating any sensitive data which is not related to the purpose forcing you to use someone else's computer.



                                If you don't trust the person, don't use their computer. There's no way of securing an unknown computer 100%, and even less so without doing things which will make the other person suspect that you're trying to hack them. At which point you will probably be denied to use their computer anyway.






                                share|improve this answer












                                If you trust that person, go ahead and use their computer. Consider creating a separate browser profile which you can wipe clean after you're done without erasing that person's cookies / settings / whatever. Take note of any attachments you download so that you can remove these as well. Don't just open attached files, unless you want to play detective figuring out which of the possible "temp" locations was used to store them. And avoid manipulating any sensitive data which is not related to the purpose forcing you to use someone else's computer.



                                If you don't trust the person, don't use their computer. There's no way of securing an unknown computer 100%, and even less so without doing things which will make the other person suspect that you're trying to hack them. At which point you will probably be denied to use their computer anyway.







                                share|improve this answer












                                share|improve this answer



                                share|improve this answer










                                answered Dec 3 '18 at 12:45









                                Dmitry Grigoryev

                                7,3901940




                                7,3901940








                                • 4




                                  I trust my grandmother. I do not trust that her computer is clean.
                                  – schroeder
                                  Dec 3 '18 at 13:49














                                • 4




                                  I trust my grandmother. I do not trust that her computer is clean.
                                  – schroeder
                                  Dec 3 '18 at 13:49








                                4




                                4




                                I trust my grandmother. I do not trust that her computer is clean.
                                – schroeder
                                Dec 3 '18 at 13:49




                                I trust my grandmother. I do not trust that her computer is clean.
                                – schroeder
                                Dec 3 '18 at 13:49











                                0














                                Although there are a number of good and awesome answers, i believe this radical "answer" is missing out:



                                If you are concerned about security, you probably use a password manager as well. I always generate a random and very difficult password. On other computers I probably don't have the software nor the file where my passwords are stored in (I use keepass).
                                I do have this file stored in a cloud solution but on logging in it also requires a separate file which I only have locally on my trusted devices.



                                So you might understand what hassle I have to go through before I am actually logged in on the other untrusted device. Which actually prevents me from doing so in the first place.



                                So if I am forced to login: "I don't know my password".






                                share|improve this answer





















                                • You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
                                  – Kolappan Nathan
                                  Dec 4 '18 at 9:08






                                • 1




                                  This is an anti-answer. The premise is that user must log in.
                                  – schroeder
                                  Dec 4 '18 at 9:26
















                                0














                                Although there are a number of good and awesome answers, i believe this radical "answer" is missing out:



                                If you are concerned about security, you probably use a password manager as well. I always generate a random and very difficult password. On other computers I probably don't have the software nor the file where my passwords are stored in (I use keepass).
                                I do have this file stored in a cloud solution but on logging in it also requires a separate file which I only have locally on my trusted devices.



                                So you might understand what hassle I have to go through before I am actually logged in on the other untrusted device. Which actually prevents me from doing so in the first place.



                                So if I am forced to login: "I don't know my password".






                                share|improve this answer





















                                • You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
                                  – Kolappan Nathan
                                  Dec 4 '18 at 9:08






                                • 1




                                  This is an anti-answer. The premise is that user must log in.
                                  – schroeder
                                  Dec 4 '18 at 9:26














                                0












                                0








                                0






                                Although there are a number of good and awesome answers, i believe this radical "answer" is missing out:



                                If you are concerned about security, you probably use a password manager as well. I always generate a random and very difficult password. On other computers I probably don't have the software nor the file where my passwords are stored in (I use keepass).
                                I do have this file stored in a cloud solution but on logging in it also requires a separate file which I only have locally on my trusted devices.



                                So you might understand what hassle I have to go through before I am actually logged in on the other untrusted device. Which actually prevents me from doing so in the first place.



                                So if I am forced to login: "I don't know my password".






                                share|improve this answer












                                Although there are a number of good and awesome answers, i believe this radical "answer" is missing out:



                                If you are concerned about security, you probably use a password manager as well. I always generate a random and very difficult password. On other computers I probably don't have the software nor the file where my passwords are stored in (I use keepass).
                                I do have this file stored in a cloud solution but on logging in it also requires a separate file which I only have locally on my trusted devices.



                                So you might understand what hassle I have to go through before I am actually logged in on the other untrusted device. Which actually prevents me from doing so in the first place.



                                So if I am forced to login: "I don't know my password".







                                share|improve this answer












                                share|improve this answer



                                share|improve this answer










                                answered Dec 4 '18 at 9:00









                                CularBytes

                                1092




                                1092












                                • You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
                                  – Kolappan Nathan
                                  Dec 4 '18 at 9:08






                                • 1




                                  This is an anti-answer. The premise is that user must log in.
                                  – schroeder
                                  Dec 4 '18 at 9:26


















                                • You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
                                  – Kolappan Nathan
                                  Dec 4 '18 at 9:08






                                • 1




                                  This is an anti-answer. The premise is that user must log in.
                                  – schroeder
                                  Dec 4 '18 at 9:26
















                                You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
                                – Kolappan Nathan
                                Dec 4 '18 at 9:08




                                You could have your password manager on phone and type that password into a computer. Requires more steps but it is not impossible.
                                – Kolappan Nathan
                                Dec 4 '18 at 9:08




                                1




                                1




                                This is an anti-answer. The premise is that user must log in.
                                – schroeder
                                Dec 4 '18 at 9:26




                                This is an anti-answer. The premise is that user must log in.
                                – schroeder
                                Dec 4 '18 at 9:26











                                -2














                                When you suspect the system is keylogged you would need to be able to interrupt that process to do what you are asking.



                                That might be a visible process though - so if it's mission critical try finding that process or creating another user account with an encrypted terminal in a sandbox to see if you can avoid logging that way - i.e. Linux with encrypted home folder & swap as an example.






                                share|improve this answer

















                                • 1




                                  How would a sandboxed process or an encrypted home directory defeat keylogging?
                                  – forest
                                  Nov 30 '18 at 7:23










                                • I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
                                  – user192527
                                  Nov 30 '18 at 7:25












                                • If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
                                  – forest
                                  Nov 30 '18 at 7:27










                                • I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
                                  – user192527
                                  Nov 30 '18 at 7:36






                                • 1




                                  There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
                                  – David Conrad
                                  Dec 1 '18 at 17:16
















                                -2














                                When you suspect the system is keylogged you would need to be able to interrupt that process to do what you are asking.



                                That might be a visible process though - so if it's mission critical try finding that process or creating another user account with an encrypted terminal in a sandbox to see if you can avoid logging that way - i.e. Linux with encrypted home folder & swap as an example.






                                share|improve this answer

















                                • 1




                                  How would a sandboxed process or an encrypted home directory defeat keylogging?
                                  – forest
                                  Nov 30 '18 at 7:23










                                • I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
                                  – user192527
                                  Nov 30 '18 at 7:25












                                • If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
                                  – forest
                                  Nov 30 '18 at 7:27










                                • I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
                                  – user192527
                                  Nov 30 '18 at 7:36






                                • 1




                                  There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
                                  – David Conrad
                                  Dec 1 '18 at 17:16














                                -2












                                -2








                                -2






                                When you suspect the system is keylogged you would need to be able to interrupt that process to do what you are asking.



                                That might be a visible process though - so if it's mission critical try finding that process or creating another user account with an encrypted terminal in a sandbox to see if you can avoid logging that way - i.e. Linux with encrypted home folder & swap as an example.






                                share|improve this answer












                                When you suspect the system is keylogged you would need to be able to interrupt that process to do what you are asking.



                                That might be a visible process though - so if it's mission critical try finding that process or creating another user account with an encrypted terminal in a sandbox to see if you can avoid logging that way - i.e. Linux with encrypted home folder & swap as an example.







                                share|improve this answer












                                share|improve this answer



                                share|improve this answer










                                answered Nov 30 '18 at 7:03







                                user192527















                                • 1




                                  How would a sandboxed process or an encrypted home directory defeat keylogging?
                                  – forest
                                  Nov 30 '18 at 7:23










                                • I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
                                  – user192527
                                  Nov 30 '18 at 7:25












                                • If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
                                  – forest
                                  Nov 30 '18 at 7:27










                                • I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
                                  – user192527
                                  Nov 30 '18 at 7:36






                                • 1




                                  There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
                                  – David Conrad
                                  Dec 1 '18 at 17:16














                                • 1




                                  How would a sandboxed process or an encrypted home directory defeat keylogging?
                                  – forest
                                  Nov 30 '18 at 7:23










                                • I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
                                  – user192527
                                  Nov 30 '18 at 7:25












                                • If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
                                  – forest
                                  Nov 30 '18 at 7:27










                                • I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
                                  – user192527
                                  Nov 30 '18 at 7:36






                                • 1




                                  There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
                                  – David Conrad
                                  Dec 1 '18 at 17:16








                                1




                                1




                                How would a sandboxed process or an encrypted home directory defeat keylogging?
                                – forest
                                Nov 30 '18 at 7:23




                                How would a sandboxed process or an encrypted home directory defeat keylogging?
                                – forest
                                Nov 30 '18 at 7:23












                                I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
                                – user192527
                                Nov 30 '18 at 7:25






                                I suggested interrupting the keylogging process - If the process monitored one user account and another account were encrypted - it might accomplish the desired result of not being logged. Attempting this in a sandboxed environment rather than just doing it cuts down on the risk in case it doesn't.
                                – user192527
                                Nov 30 '18 at 7:25














                                If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
                                – forest
                                Nov 30 '18 at 7:27




                                If you are running under a different user, then there's no need to encrypt anything or use sandboxes. For Linux (since you mentioned Linux), individual users are isolated from each other and X11-based keyloggers will not work. However, if the hardware is controlled by someone malicious, then even encryption and a sandboxed terminal wouldn't help.
                                – forest
                                Nov 30 '18 at 7:27












                                I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
                                – user192527
                                Nov 30 '18 at 7:36




                                I suggested testing the idea in a sandbox. The main goal is to interrupt the keylogger if possible and if not to try to obfuscate by using other accounts etc.
                                – user192527
                                Nov 30 '18 at 7:36




                                1




                                1




                                There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
                                – David Conrad
                                Dec 1 '18 at 17:16




                                There are hardware keyloggers. This answer assume there is some "process" to "interrupt," which is totally wrong. It might mitigate one very specific risk, but it completely ignores other serious risks.
                                – David Conrad
                                Dec 1 '18 at 17:16


















                                draft saved

                                draft discarded




















































                                Thanks for contributing an answer to Information Security Stack Exchange!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid



                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.


                                To learn more, see our tips on writing great answers.





                                Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                                Please pay close attention to the following guidance:


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid



                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.


                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function () {
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198726%2fsecure-way-to-log-in-to-a-website-on-someone-elses-computer%23new-answer', 'question_page');
                                }
                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                Popular posts from this blog

                                Probability when a professor distributes a quiz and homework assignment to a class of n students.

                                Aardman Animations

                                Are they similar matrix