There's also the issue of over-the-shoulder viewing. I doubt my cubical-mate could follow my typing on a keyboard...
lying horizontal on my desk, but he or she could easily see which keys I press on my screen as I enter my password (unless of course an overlay has been placed on my monitor to deter this).
Finally, since virtual keyboards aren't standard in any Web applications I've seen, there's the cost of development and support for the creation of the keyboard and its integration into the Web applications.
On the plus side, and a big plus at that, keyloggers wouldn't be able to capture this information, since you would be using either a mouse or a touch screen to enter the information, thus keeping passwords secure.
However, as a security professional, before I decided to use a virtual keyboard on my site, I'd have to weigh the risks. Who are the constituents who will be accessing the site and how technologically savvy are they? What platforms will they be using? What is the risk that the systems accessing the site will have keylogger or other capture software on them? What is the value of, or what are the privacy concerns regarding the content the site provides? Does this affect the end user's ease of accessing the site? After analyzing the results, I'd then decide whether the functionality justifies the risks of adding a virtual keyboard to my site.
Related Q&A from Randall Gamby, Contributor
Is your remote desktop access software really secure? Randall Gamby offers advice for conducting a remote access audit to validate security.continue reading
Expert Randall Gamby discusses risk-based authentication, and whether that type of user identification system is right for the enterprise.continue reading
Expert Randall Gamby discusses various types of single sign-on, specifically the approaches of Ping Identity's SSO and Symplified SSO.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.