Identity theft and fraud pose threats to information security in today's electronic age. Having one's identity stolen or credit destroyed can be a traumatic event and take years of phone calls and paperwork to reestablish one's credit. In addition, financial institutions suffer losses because of the fraud committed by those who steal innocent victims' identities. Generally, in order to protect personal information, a user sets a password known only to her, so that access to a system and to her personal information is only accepted when the preset password is correctly input.
However, malware such as key loggers may be implemented in hardware or software to log user keystrokes and/or mouse clicks for later retrieval. Key loggers are dangerous because they can be installed remotely without the knowledge of the user of a computing device. At some future time, the person who installed the key logger may retrieve information captured by the key logger and download the key strokes and/or mouse clicks. From this information, usernames and passwords may be determined for websites accessed by those who have used the keyboard and/or mouse.
Efforts to defeat key loggers include the use of one-time passwords, biometric devices, and rotating “secret” information (e.g., high school attended, favorite color, etc.) that is entered by a user. However, these mechanisms require the user to enter information that is known about the user, thus the key logger is still effective at gathering useful information about the user. Other mechanisms, such as graphically entered information through number pads, etc. that are displayed on a web page, may be defeated by key loggers taking screen shots at each mouse click, which may enable the reconstruction of the graphically entered information.