As the name suggests, keyloggers monitor and store every keystroke made on a user's keyboard. While such technology can be deployed by malicious actors to exfiltrate sensitive data, keyloggers can also be purposefully installed by employers on an employer's computer with or without their employees' knowledge for legitimate business purposes (e.g. cybersecurity or productivity). While the technology can be deployed in a number of ways, two common host-based keyloggers include API-based keyloggers and hardware keyloggers.
Keylogging technology is content-neutral, in that it collects the data resulting from the user's keystrokes, irrespective of whether that data is work-related or non-work related, including potentially sensitive personal data (such as an employee's personal medical, financial information, or personal log-in information). Thus, as with any employer monitoring of its systems (e.g. email), the content captured may be both work-related and non-work related. Nevertheless, keylogging is generally regarded as more intrusive than certain other types of systems monitoring that may be used because every character that is typed by the employee is captured.
One common keylogging solution is an API-based keylogger, wherein the software uses the keyboard application programming interface ('API') to record an employee's keystrokes. With every press of a key, a keyboard sends a notification to an application (i.e. Microsoft Word or Slack) so that the typed character appears on the user's screen. API-based keyloggers record these notifications, and the logs are then stored.
Hardware keyloggers can also be built into the keyboard or deployed using a USB or physical device that is connected to the keyboard or computer. Rather than relying on software to store captured key logs, data is captured by the physical keylogging device for stored on the device.