Ticket #1332933 (new Patches: None)

Opened 3 years ago

Last modified 6 months ago

Virtual Keyboard - patch included

Reported by: nobody Owned by: nobody
Priority: 5 Milestone: later
Component: Other Version: None
Severity: minor Keywords:
Cc:

Description (last modified by thomasb) (diff) 

Privacy issues. Whilst on holiday etc. you never know if it safe to 
trust the Internet cafe et al.

On SquirrelMail there is a plugin for a virtual keyboard, which on the 
login page open a popup. The idea is to move the mouse over the 
keyboard image map, and hover over the character you want for 
more than two seconds. This then add the character and builds up 
your password.

Very neat, and makes keyboard spyware and cut and paste spyware 
almost ineffective.

Very nice app though.

Change History

Changed 3 years ago by nobody 

Logged In: NO 

Except that your PW then gets intercepted on submission
through a web proxy or network sniffer.

Changed 12 months ago by vincent

In response to nobody's post at 12/05/05: To protect your Roundcube client (or any other webmail client) from being sniffed you should use SSL certificates to protect your credentials. That's how I set it up.

The virtual keyboard will protect you from keyloggers and by setting an onMouseover event it will protect you from 'screenshot-for-every-mouse-click' loggers too. I'm currently working on a virtual keyboard for Roundcube, but I'm quite busy for the upcoming weeks so I can't say anything about when it's finished.

Changed 12 months ago by thomasb

  • status changed from assigned to new
  • description modified (diff)
  • severity changed from critical to minor

Changed 12 months ago by vincent

I've finished development on the Virtual Keyboard but it needs to be integrated with the Roundcube package. You can see a working demo at: <https://webmail.syn-ack.org>. If you can't wait until it nicely integrates with Roundcube (I want the option to enable/disable the keyboard from the config file) you can implement it yourself. The source files are available at <http://www.syn-ack.org>. If you need help implementing please don't hesitate to contact me at rastakid[at]syn-ack[dot]org.

Changed 12 months ago by jpingle

This looks very promising, but I did notice one odd thing while using your demo site.

If you click to place your cursor in the password field, it still puts the letters in the username field. I figured out that you had to click the keyboard button next to the field to switch its target, but without a little blurb explaining this I'm not sure how obvious this would be to the average end user. Could it not put the letters into whichever field has the cursor/active focus?

Also, it might help if the keyboard could be hidden by default (this could also be configurable) and then brought up explicitly via a link.

Thanks for the work so far!

Changed 11 months ago by vincent

Hi jpingle,

Yes, when an input field has focus, it should be used by the virtual keyboard to send the keys to. It's a little glitch I need to fix, it's as easy as setting a onFocus event handler.

Concerning the keyboard being hidden by default: I want to add the virtual keyboard to the RoundCube configuration so users can choose to enable or disable it. I realize that most users probably won't need the virtual keyboard, but I'm glad that I have it running in my environment: as a student I do access webmail from many different locations (including public university computers).

Thanks for your feedback, Vincent

Changed 7 months ago by seansan

  • summary changed from Virtual Keyboard to Virtual Keyboard - patch included
  • type changed from Feature Requests to Patches
  • milestone set to 0.1.5

Review in 0.1.5 - could be standalone plugin

Changed 6 months ago by thomasb

  • milestone changed from 0.1.5 to later
Note: See TracTickets for help on using tickets.