Treval - generating 2.000.000 (2 million!) different passwords per hour
Yes, this is known as a rolling password and has been quite secure, they even use it as an extra security option for the game World of Warcaft. You have a small device you take with you, press a button and tap in the code by hand on the computer as the secondary password. Every minute, a new code is generated, so the device gets you the latest encrypted.
Someone able to brute your password as well as hack that code and gain access to your account within a minute or less before the next random code swaps over is highly unlikely. It's a very good device.
Friend has one for his crazy World of Warcraft playing due to also using the account on public computers like the netcafe. Those netcafe computers are the worst at stealing all your details with keyloggers and trojans. Even if the password is stolen, it's useless after been used once or timed and rolled over to another.
BC_Programmer - I've seen hundreds of keylogger reports and even found a server dump though using advance google indexing search. Honestly it was 335 txt files, each with about 20 to 80 username/passwords and various details stripped from all the typed junk. They are smart enough to scan the username and password areas of most sites. Also those Autocomplete passwords can be leached within seconds. There was some ways around detecting this, if the user types garbage inbetween the password, selects and delete, rather than backspacing, or have a key scrambler, etc.
Format from memory, looked like:
==================================================
Entry Name :
http://www.myspace.com/Type : AutoComplete
Stored In : Registry
User Name : xxxxxxxxxxx
Password : xxxxxxxxxxx
==================================================
or
serv :
https://ssl.rapidshare.com login : xxxxxxxxxxx
password : xxxxxxxxxxx
serv :
http://www.youtube.com username : xxxxxxxxxxxxx
password : xxxxxxxxxxx
Targetting popular sites, but as well as randoms.
And yes, they where all most all valid including credit card details, etc, it was scary what was collected. It's also amazing how many people don't take care of their computer and simply ignore that it would ever happen. My friend's brother is like that, pasted me a memory stick with old practice exams as well as a autorun virus which was detected instantly by Kaspersky (I've got autorun disabled anyways), but he's had it on his computer for a month or so and infected a number of others including some of the school's computer, pissed me off telling them all how to remove it!
Just to note, this keylogger dump site may/maynot still be up and running!
I still have record of the site url, the site has been reported, the log links are down, de-indexed from google but the main domain is back after just checking now says 'Bye
' and kicks you back to google.
I guess I'll pm the url if requested.
