That seems like a total waste of money. All the apps and services on the key are free. You could pick up a 128Mb USB key for as little as $15 and put the apps on it yourself.

Besides that, it would be of little use if the PC is equipped with a keylogger.

Great feedback from everyone. I guess it's a small consolation to know that I'm not being overly-paranoid. I am really going to have to re-think my usage while on untrusted computers.

Internaut, carrying a Pocket PC is definitely a good, albeit expensive, solution. Do you ever have difficulty finding WiFi signals to use? It seems like there are still an unfortunately large number of airports and hotels that lack WiFi, and those that have it are rarely free.

Scandalous, I like your scheme to interlace the characters of your username and password while typing them in. Brilliant! I'll definitely keep that one in mind.

JadedTraveler and ScottC, the idea of using the WinXP onscreen keyboard is also an excellent one that I had not thought of.

I think the thing that is most frightening is the idea that if someone were to intercept one of my passwords (either through keylogging or other means) they could potentially take control of that account without me ever knowing.

It seems like a simple way to address this would be for sites to send an alert to the (original) email when anything changes in an account. That way if someone were to maliciously gain access to an account and change the password and/or email address associated with that account, the site would send an email notification that would make you immediately aware of the problem so you could take action before any substantial damage is done. It appears that Paypal does this, but surprisingly, none of my credit card sites nor my online banking site did so.

What if you created a new email address on yahoo or gmail. From there, you tell the email client to read your emails from your real address via POP3/IMAP (without deleting the messages). When you get back from your trip, you remove the email forwarding to the new account. So now, if someone does manage to get access to your email system, they can only read those emails sent to you while you were on your trip. If you dont install SMTP, they wont be able to send messages using your name. Of course, now that you limited their access to the email system, you too are limited in what you can do on it.

So while there are many ways to protect yourself online, if someone is trying to be malicious, they can get access to your account -- the only question is how far they will go in order to accomplish that. I'm guessing that most of these hackers are lazy and figure they can acquire someone else's password much more easily and wont waste their time doing anything too complicated on one person. But if they have the hardware keylogger and the screen capture software (meaning they spent about 100$ in this operation), then you cant really defend yourself in the public domain.