Defending against key loggers

Anyone have any techniques for defending against key loggers? Obviously antivirus and the like. Would two-factor authentication be a good method? Like RSA keys? Or is that defeated because the user has to type the number in?

As far as I know, If you have to type it, it can be logged. Unless off-course you use antivirus and the like as you mentioned to detect the key logger software. As you've mentioned, encryption wont help since the key strokes has to travel from your keyboard to the encrypting application first before being encrypted, key loggers will catch them before it reaches the application.

KL-Detector is one of the generic key loggers detectors. The neat thing about this one is that you don't have to install it, good for public PCs with no admin access. It's free too.

dewasoft.com/privacy/kldetector.htm

www.passkeeping.com claims to have a way of logging in to any website without typing in your password.

The worst ones, and the ones the serious players use, are the hardware key loggers. They are a bit like a small ps2-to-ps2 through coupler that you just stick in line with the keyboard. Then later you retrieve the thing and download the captured keystrokes off it. The best defence against these is vigilant visual inspection which is the method used to protect against them in banks, government offices etc.