In AP Computer Science Principles, keylogging is the use of a program to record every keystroke a computer user makes in order to gain fraudulent access to passwords and other confidential information (EK IOC-2.C.2, Topic 5.6 Safe Computing).
Keylogging is exactly what it sounds like. A keylogger is a program that silently records every keystroke you type, then sends that log to an attacker. Since you type your passwords, credit card numbers, and private messages, a keylogger gives the attacker all of it without ever needing to "hack" anything else. They just read what you typed.
The CED defines it precisely in EK IOC-2.C.2 as "the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information." Notice the two parts of that definition. First, the method is recording keystrokes with software. Second, the goal is fraudulent access to confidential info. That makes keylogging one of the CED's answers to the question "how do attackers gain unauthorized access?" alongside phishing and rogue access points. It's also a form of malware, specifically spyware, since it runs on your device and collects your data without your knowledge.
Keylogging lives in Topic 5.6 Safe Computing in Unit 5: Impact of Computing, under learning objective 5.6.C (explain how unauthorized access to computing resources is gained). It's one of three named attack methods in the CED, next to phishing (EK IOC-2.C.1) and rogue access points (EK IOC-2.C.4), so you should be able to tell them apart on sight.
It also connects directly to 5.6.B (how computing resources can be protected). The exam loves pairing an attack with its defense, and keylogging's natural counter is multifactor authentication. A keylogger can capture your password, but it can't capture your fingerprint or the one-time code on your phone. Knowing which defense neutralizes which attack is the real skill 5.6 is testing.
Keep studying AP Computer Science Principles Unit 5
Phishing (Unit 5)
Phishing and keylogging are the CED's two named ways attackers steal personal information, but they work in opposite directions. Phishing tricks YOU into handing over your info; keylogging steals it passively while you type. Same goal, totally different mechanism.
Multifactor Authentication (Unit 5)
MFA is the defense built for this attack. Even if a keylogger captures your password, the attacker still needs the second factor, like a code on your phone or a fingerprint. That's why MCQs about "which authentication method resists keylogging" almost always point to MFA.
Malware and Spyware (Unit 5)
A keylogger is a specific kind of spyware, which is a specific kind of malware. Think of it as nesting categories. Malware is any harmful software, spyware is malware that secretly collects your data, and a keylogger is spyware that collects it one keystroke at a time.
Rogue Access Point (Unit 5)
Both let attackers see your sensitive data, but the interception point differs. A keylogger captures data on your device as you type it. A rogue access point intercepts data after it leaves your device and travels over a network. Knowing where the attack happens is how you tell them apart.
Keylogging shows up in multiple-choice questions, usually in one of two flavors. The first is identification, where a scenario describes keystrokes being secretly recorded and you pick "keylogging" over phishing, rogue access points, or generic malware. The second is mitigation, where a question asks which security measure best protects against keylogging. Practice questions in this style ask things like which authentication method is LEAST vulnerable to keylogging (multifactor authentication, since a stolen password alone isn't enough) or which password manager feature protects stored credentials from keyloggers (features like autofill that avoid typing the password at all).
There's no FRQ on this anymore since AP CSP's written response is tied to your Create performance task, so MCQs are where this term earns its points. Your job is to match the attack to its definition and match the attack to its correct defense.
Both steal personal information to gain unauthorized access, and both sit in EK IOC-2.C, so the exam loves putting them in the same answer set. The difference is who does the work. Phishing is social engineering, meaning the user is tricked into voluntarily typing their info into a fake site or email. Keylogging is technical, meaning a program records keystrokes automatically and the user never realizes anything happened. Quick test: if the scenario involves a deceptive message or fake website, it's phishing; if it involves software recording what's typed, it's keylogging.
Keylogging is the use of a program to record every keystroke a user makes in order to gain fraudulent access to passwords and other confidential information (EK IOC-2.C.2).
It's tested under learning objective 5.6.C, which asks you to explain how unauthorized access to computing resources is gained.
Keylogging is a software-based attack, while phishing is a trick-based (social engineering) attack; both target the same kind of sensitive data.
Multifactor authentication is the strongest named defense against keylogging because a stolen password alone won't satisfy a second factor like a phone code or fingerprint.
A keylogger captures data on your device as you type, while a rogue access point intercepts data traveling over a network.
Keylogging is the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information. It's defined in EK IOC-2.C.2 under Topic 5.6 Safe Computing.
No. Phishing tricks you into voluntarily giving up your information through a fake message or website, while keylogging uses software to record what you type without your knowledge. They share a goal (stealing personal info) but use completely different methods.
Not really, and this is a favorite exam trap. A keylogger records whatever you type, so a strong password gets captured just as easily as a weak one. Multifactor authentication is the better defense because the attacker still lacks the second factor.
Yes. A keylogger is a type of spyware, which is malware that secretly collects your data. The keystroke-recording behavior is what makes it specifically a keylogger rather than just generic malware.
A keylogger captures data on your device the moment you type it, while a rogue access point (EK IOC-2.C.4) intercepts data after it's sent over a network. On the exam, look at where the data is stolen: at the keyboard means keylogging, in transit means rogue access point.