A keylogger doesn't need to break encryption or guess your password. It just waits for you to type it — and records every keystroke. Keyloggers are one of the oldest and quietest ways accounts get stolen, because they capture your credentials at the exact moment your fingers hit the keys. This guide explains what a keylogger is, the software and hardware types, how it gets in, the warning signs, and how to protect your accounts.
What a keylogger is
A keylogger (keystroke logger) secretly records every key you press — passwords, messages, card numbers, searches — and sends the log to whoever planted it. Most are malicious software; some are small hardware devices.
The danger is direct capture: a keylogger steals a password even if the site is perfectly encrypted, because it reads what you type before the data is ever protected. It bypasses the lock by watching your fingers, not the vault.
Software vs hardware keyloggers
- Software keyloggers — a program running quietly on your device, usually part of malware. It records keystrokes and sends them over the internet. This is the common, everyday kind, often arriving through phishing or dodgy downloads.
- Hardware keyloggers — a physical device plugged between a keyboard and a computer (or hidden inside it) that stores keystrokes locally. The attacker needs physical access to install and retrieve it — mostly a risk on shared or public machines.
Are keyloggers always illegal?
Not inherently — it depends entirely on consent and intent. Keystroke-logging technology has legitimate uses: an employer may monitor company-owned devices where staff have been clearly informed and consented, parents may use monitoring tools on a minor child's device, and developers use keystroke capture in their own debugging. What turns a keylogger criminal is installing it on someone else's device without authorisation to steal credentials or spy — that's illegal in most jurisdictions and is how the malicious kind operates.
The practical takeaway for you: legitimate monitoring is disclosed and consented; anything secretly capturing your keystrokes without your knowledge is an attack, regardless of how the tool is marketed. Treat an unexpected logger on your own device as hostile.
How it gets in
A software keylogger arrives the same way as most malware: a phishing message with a malicious link or attachment, software bundled with a "free" download, a fake or cracked app, or a drive-by infection. A hardware keylogger instead needs someone with physical access to your machine. The pattern: software needs you to run something; hardware needs someone to touch your computer.
Warning signs
Software keyloggers are built to be invisible, so prevention beats detection. Still, be alert to a device that's suddenly slow or hot, unexplained network activity, unfamiliar programs or processes, antivirus that's been switched off, or accounts accessed without you. On a desktop, an odd device in line with your keyboard cable could be a hardware logger.
How to check for and remove one
If you suspect a keylogger, work through this in order:
- Run a full scan with reputable anti-malware (and a second on-demand scanner for a second opinion). Most software keyloggers are detected as malware.
- Review running processes and startup items. On Windows, check Task Manager → Startup and the installed-programs list; on macOS, Activity Monitor and System Settings → Login Items. Research anything unfamiliar before removing it.
- Check browser extensions — a malicious extension can log what you type into web forms. Remove any you didn't deliberately install.
- On a desktop, inspect the hardware — look for a small adapter between the keyboard plug and the USB/PS2 port, especially on shared or public machines.
- When in doubt, reset. A determined keylogger can hide from scanners; a clean OS reinstall is the only certain removal. Back up your files (not programs) first.
Crucially, change your passwords from a different, clean device afterwards — changing them on the infected machine just feeds the new ones straight to the logger.
How to protect your accounts
★ Audit Cure53 2024 · ✓ Plan gratuit · Cross-platform
Autofill instead of typing — fewer keystrokes for a logger to catch → NordPassFills credentials on the genuine site · Unique password per account · Zero-knowledge vault→- Keep your OS and apps updated and run reputable anti-malware — most keyloggers are malware.
- Don't open unexpected attachments or links, and install only from official sources.
- Turn on two-factor authentication — ideally passkeys or an authenticator app — so a captured password alone can't unlock an account.
- Use a password manager. It autofills on the genuine domain instead of you typing, so there are fewer keystrokes to capture, and it gives each account a unique password.
The honest limit
No single tool is a guarantee. A determined software keylogger on a compromised device can capture a lot — including the clipboard or a master password you do type — so a password manager is one layer, not immunity. The real defence is layered: updates, anti-malware, cautious clicks, phishing-resistant 2FA, and the willingness to reset a device you believe is infected. Change passwords from a clean device, not the suspect one.
The bottom line
A keylogger steals passwords by recording your keystrokes — quietly, often invisibly, and regardless of how secure the website is. Software loggers spread like other malware; hardware loggers need physical access. Defend by keeping software updated, running anti-malware, avoiding suspicious links, turning on phishing-resistant 2FA, and using a password manager so there's less to type and one stolen login can't unlock everything.
★ Audit Cure53 2024 · ✓ Plan gratuit · Cross-platform
Lock down your accounts → NordPassStrong unique passwords · breach scanner · free tier→Frequently asked questions
What is a keylogger?
A keylogger (keystroke logger) is a tool — usually malicious software, sometimes a small hardware device — that secretly records every key you press. As you type passwords, messages, card numbers and search queries, the keylogger captures them and sends them to whoever planted it. Because it grabs information at the moment you type it, a keylogger can steal a password even if the website itself is perfectly secure and encrypted. That direct capture is what makes it dangerous: it bypasses the lock by reading your fingers, not the data.
What's the difference between a software and a hardware keylogger?
A software keylogger is a program running quietly on your device, often bundled with malware, that records keystrokes and exfiltrates them over the internet. It's the common kind and can spread through phishing, malicious downloads or fake apps. A hardware keylogger is a physical device — a small plug between a keyboard and a computer, or hidden inside it — that stores keystrokes locally; the attacker needs physical access to install and later retrieve it. Hardware keyloggers are rarer and mostly a risk on shared or public computers, while software keyloggers are the everyday threat.
How does a keylogger get onto my device?
Most often through the same routes as other malware: a phishing email or message that tricks you into opening a malicious attachment or link, software bundled with a 'free' download, fake or cracked apps, or a drive-by infection from a compromised site. Hardware keyloggers instead require someone with physical access to plug one in — a risk on public, shared or unattended machines. The common thread is that a software keylogger needs you to run something, and a hardware one needs someone to touch your computer.
What are the warning signs of a keylogger?
Software keyloggers are designed to be invisible, so there's often no obvious sign — which is why prevention matters more than detection. Still, watch for a device that suddenly runs slow or hot, unexplained network activity, programs or processes you don't recognise, your antivirus being disabled, or accounts being accessed without your action. On a desktop, an unfamiliar device plugged in line with your keyboard cable could be a hardware logger. When in doubt, run a reputable malware scan and, for serious suspicion, reset the device.
How do I protect myself from keyloggers?
Layer your defences. Keep your OS and apps updated and run reputable anti-malware, since most keyloggers are malware. Don't open unexpected attachments or links, and install only from official sources. Turn on two-factor authentication — ideally passkeys or a hardware key — so a captured password alone can't unlock an account. A password manager helps too: it autofills credentials on the genuine site instead of you typing them, so there are fewer keystrokes to capture, and it generates a unique password per account so one stolen login doesn't cascade. If you suspect infection, change passwords from a clean device and consider a factory reset.
