Keyloggers are rampant! They are the most prolific trojan horse and they can easily transmit your passwords to bad guys. They’re simple and effective.
Keyloggers work by intercepting and transmitting keystrokes, so a simple countermeasure is to avoid keystrokes. While this is impractical as a general approach, you can add a hint more security to your workflow by inputting passwords (or even bits of a password) via an on-screen keyboard.
In Windows, it is very easy to turn on an on-screen keyboard:
Once the keyboard is up, simply set focus on an application then use your mouse to press the keys on the on-screen keyboard.
Does anyone have evidence that on-screen keyboards are also vulnerable? Any other simple security tips?