Nowadays keystroke logging is one of the most widespread threats used for password theft. In this paper, rather than detecting existing malware or creating a trusted tunnel in the kernel, we present a different method QTE (Quick Time Events) to protect the password that a user provides for a web page to login to a web service. Installing such solutions in a host only requires limited privileges of related computers. The QTE method utilizes a canvas to cue users when their input will be recorded or ignored by the QTE add-on, which provides a chance for users to obfuscate keyloggers by inserting meaningless letters among the keystrokes of their passwords. QTE can be applied to all websites without any modification of them.