What Is a Keylogger and How Do You Protect Against One?
A keylogger is a tool that secretly records what you type — including your passwords. It is one of the more unsettling threats because it can capture even a strong, unique password as you enter it. Understanding how keyloggers work, and what does and does not protect against them, helps you focus your defenses where they matter.
What a keylogger is
A keylogger (short for keystroke logger) records the keys you press and reports them to whoever planted it. There are two broad types:
- Software keyloggers: malicious programs running on your device, usually installed via malware, a malicious download, or a deceptive app. This is by far the most common type for ordinary users.
- Hardware keyloggers: physical devices placed between a keyboard and a computer. These require physical access and are rare outside targeted scenarios or shared/public machines.
Once active, a keylogger can capture passwords, messages, and anything else you type.
Why keyloggers are dangerous
Most password defenses assume the attacker is somewhere else — guessing, phishing, or sifting through a breach. A keylogger is different: it watches you type the password directly, so even a long, random, unique password can be captured at the moment of entry. That is what makes malware on your own device such a serious threat. It bypasses the strength of the password entirely.
How to protect against keyloggers
The realistic defenses focus on stopping a keylogger from getting onto your device in the first place, and on limiting the damage if one does:
- Keep your system and apps updated. Updates patch the vulnerabilities malware exploits.
- Only install software from trusted sources. Most software keyloggers arrive bundled with dodgy downloads or disguised apps. On a Mac, prefer the App Store or well-known developers.
- Be cautious with email attachments and links. Malware often arrives via phishing. See how to spot a phishing attack.
- Use reputable security tools and the protections built into modern operating systems.
- Be wary of public or shared computers, where you cannot verify what is installed; avoid entering important passwords on them.
- Enable two-factor authentication. This is a powerful backstop: even if a keylogger captures your password, the attacker still needs your second factor to log in. See what is two-factor authentication.
How password managers help (and their limits)
A password manager helps against keyloggers in a subtle but real way: it autofills credentials rather than having you type them, so there are no keystrokes to capture for those logins. It also resists phishing by only filling on the genuine site, cutting off a common malware-delivery route. On a Mac, Passlock stores passwords offline in the Keychain and fills them, reducing how often you type sensitive credentials.
The honest limit: no password manager fully protects a device that is already compromised by capable malware, which may attempt other techniques. That is why keeping the device itself clean — through updates, cautious installs, and 2FA — remains the foundation. A manager reduces typing and phishing exposure; device hygiene prevents the infection.
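The "only filling on the genuine site" behavior described above comes down to an origin comparison before any credential is released. The sketch below is an added example, not code from Passlock or any other password manager. It assumes exact-origin matching (real managers may use looser rules), and every name, URL and credential in it is hypothetical and constructed.

```javascript
// Added illustration: origin check an autofill feature can apply before
// releasing a saved credential. All names and sample data are hypothetical.

// Constructed vault entry: the origin where the credential was saved.
const savedLogin = {
  origin: "https://accounts.example.com",
  username: "alice",
  password: "constructed-sample-value",
};

// Normalize a page URL to scheme + host + port; return null if unusable.
function pageOrigin(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // not a parseable URL: never fill
  }
  // Refuse plain HTTP so the credential is not sent in clear text.
  if (url.protocol !== "https:") return null;
  return url.origin; // the parser lower-cases the host and drops path/userinfo
}

// Return the credential only when the page origin matches exactly.
function credentialFor(pageUrl, entry = savedLogin) {
  const origin = pageOrigin(pageUrl);
  if (origin === null || origin !== entry.origin) {
    return null; // lookalike, wrong scheme or wrong port: no autofill offered
  }
  return { username: entry.username, password: entry.password };
}

// Constructed sample pages a user might land on.
const samplePages = [
  "https://accounts.example.com/login?next=%2Finbox", // genuine
  "https://ACCOUNTS.EXAMPLE.COM/login",               // genuine, different case
  "http://accounts.example.com/login",                // downgraded scheme
  "https://accounts.example.com.login.example.net/",  // genuine name used as a subdomain
  "https://accounts.example.com@login.example.net/",  // genuine name in the userinfo part
  "https://accounts.examp1e.com/login",               // lookalike character
  "https://accounts.example.com:8443/login",          // different port
];

for (const page of samplePages) {
  console.log(credentialFor(page) ? "fill  " : "refuse", page);
}
```

A missing autofill prompt on a page that looks familiar is itself a useful signal: the manager compared the origin, not the page's appearance.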
The bottom line
A keylogger records what you type, including passwords, which is why device security matters as much as password strength. Keep your system updated, install only trusted software, stay alert to phishing, prefer autofill over typing, and enable two-factor authentication so a captured password is not enough. Strong passwords protect you from most attacks; clean devices and 2FA protect you from this one.
Frequently asked questions
Can a keylogger capture my password even if it's strong?
Yes. A keylogger records keystrokes as you type, so it can capture even a long, unique password at the moment of entry. That's why device security and two-factor authentication matter alongside strong passwords.
Does a password manager protect against keyloggers?
Partly. By autofilling credentials instead of having you type them, a manager leaves no keystrokes to capture for those logins, and it resists phishing. But it can't fully protect a device already compromised by capable malware, so keep your system clean and use 2FA.