Keyboard loggers are a type of spyware which gathers all keystrokes of a user and sends it back to the hackers. Sensitive information like user name and password can be hacked using keyboard loggers.
The threat is more in the extranet setup. When your business partners are accessing your portal you need to pay attention to security and ensure that their login credentials are not stolen.
You can avoid the problems created by keyboard loggers by using Virtual Keyboards. You would have noticed this in many banking websites. Check this diagram for a customized portal login screen
The steps you need to follow are very simple
- You can either modify the standard portal login application (com.sap.portal.runtime.logon.par) and deploy it as an new archive or you can create your own
- Modify the JSP files and place the keyboard. Check the library documentation. It is simple
- Register the j_user and j_password input fields with the library for inputting using keyboard
- Deploy the par file
- Modify UME configuration for using the new login module
You are ready and safe from keyboard loggers.