General Trojan horse attacks on quantum key distribution systems are analyzed. We illustrate the power of Trojan horse attacks with today’s technology, conclude that all systems must implement active counter‑measures, and present a practical method to reduce the adversary’s maximal information gain. All systems must include an auxiliary detector monitoring incoming light, and the authors propose a practical approach to limit the information an adversary can obtain via Trojan horse attacks. The proposed counter‑measures are efficient when sufficient additional privacy amplification is applied, and they reduce the security analysis of the 2‑way Plug‑&‑Play system to that of standard 1‑way systems.