I would really like to see the following portable app. I think it would be a good defense against keystroke loggers and especially useful for username and password entry on a public computer.
The app would consist of an on screen keyboard in a standard layout. Below the letters/numbers there would be a different letter or number. For example the letter A might have the number 3 under it. The user could either click on the A, or they could use the number 3 on the keyboard to get an A. Each launch would render a different secondary layout.
Maybe this keyboard trapping and translation would be too difficult for a portable app running as non-admin, but at the very least an onscreen keyboard would thwart most logging attempts.
A sophisticated logger might notice the file in memory and decipher what clicks translate into. A way to get around this would be for an initial .exe file to create and launch a secondary exe file. This file could be of a random size, process name, process footprint and MD5 hash.
Another possible feature could allow you to browse and load a text file as part of the string to be inserted. A partially typed and partially loaded password or username would be more difficult to decipher.
I still probably wouldn't login to my bank account with this app, but it would make it appealing to login to my Hotmail account.