What is a Keylogger?

Understanding Keylogger

Keyloggers capture every key pressed on a keyboard, including text typed into documents, search queries, URLs, chat messages, passwords, and personal communications. They fall into two categories: hardware keyloggers, which are physical devices inserted between a keyboard and computer, and software keyloggers, which run as background processes on the operating system. In corporate environments, software keyloggers are far more common because they can be deployed remotely through endpoint management systems without physical access to each device. The workplace deployment of keyloggers sits at the invasive end of the employee monitoring spectrum. While tools like Slack analytics track engagement metrics (messages sent, channels active) and screenshot tools capture periodic snapshots of screen content, keyloggers record the raw input of every character typed. This means they capture not just work-related typing but also personal messages sent through web-based email, passwords entered on any site, and private thoughts typed and deleted before sending. The data fidelity is total, which is precisely why keyloggers raise the most significant privacy concerns of any monitoring category. Most dedicated keylogging in the workplace occurs through bundled employee monitoring platforms rather than standalone keylogger software. Products like Teramind, Veriato, and InterGuard include keystroke logging as one feature alongside screenshot capture, application monitoring, and web filtering. These platforms typically present keylogging as a security feature for detecting insider threats, preventing data exfiltration, and enforcing acceptable use policies. The marketing frames it as protecting the organization, but the practical effect is that every keystroke an employee types on a monitored device is recorded and searchable. The legal status of employer keylogging varies significantly by jurisdiction. In the United States, federal law under the Electronic Communications Privacy Act generally permits employers to monitor company-owned devices, especially with notice. However, states like California, Connecticut, Delaware, and New York have enacted additional requirements around disclosure and consent. The European Union's GDPR imposes stricter requirements, mandating that monitoring be proportionate to a legitimate business interest and that employees be clearly informed about what data is collected. Several EU court decisions have found blanket keylogging to be disproportionate even with employee consent, because the power imbalance in employment relationships undermines the voluntariness of consent. For remote workers, keyloggers on company-issued laptops create a particular tension. When the same device is used for both work and personal activities, the keylogger captures everything regardless of context. Typing a personal email to a family member, searching for medical information, or messaging a friend all get recorded alongside work communications. Some monitoring platforms attempt to address this by allowing employees to designate personal time windows during which logging pauses, but the effectiveness and trustworthiness of such features varies. The detection of software keyloggers ranges from straightforward to nearly impossible depending on the implementation. Enterprise-grade monitoring agents installed by IT through device management platforms typically do not appear as obvious processes in Task Manager. They may run as system services, use generic names, or operate at the kernel level where standard user tools cannot see them. However, they do consume resources, generate network traffic to upload logs, and leave traces in system logs that technical users can sometimes identify.