Okay, I just thought of something the keylogger guys can do

. They can probably remember which keyboard shortcut was used for entering the password and then when the user is not looking they can make a new window with an input element, use that keyboard shortcut, and get the value that the program enters.
Something like this:
watch which keys are pressed and record keyboard shortcuts
wait until the computer is idle for x minutes
make a new window
perhaps position the window off the screen,
so that there are less chances of the user noticing anything
add an edit control child window to the main window
point 1:
trigger a recorded keyboard shortcut
get the edit window text and save it
clear the edit window
repeat point 1 for any other keyboard shortcuts recorded
use the passwords...
So my next idea to fix this is to have the user type the password manually every time, but send a bunch of decoy keystrokes to the system as well, so that the keylogger would have a bunch of useless information.
Something like this:
record the child window in focus to a variable
make a new window, asking the user to enter the password
make an edit control for the user to type in
set focus on the edit control
do this:
every random * x milliseconds, send a random decoy keystroke to the system;
record this key in the useless character variable
and also this, at the same time:
every time a new character gets added, do this:
check if the character added is equal to the character
in the useless character variable
if it is, clear (set to '\0') the useless character variable,
clear the edit control,
and continue
else, add the new character to the password variable,
clear the edit control,
and continue
when the user is done entering the password (e.g. when
the user presses the return key), close our window,
and set the
previously-in-focus recorded (child) window's text to
the text in the password variable
So my question would be, can the keylogger/malware still get to the password with this idea implemented?