Domain: biopassword.com
Stories and comments across the archive that link to biopassword.com.
Comments · 12
-
Seriously, this is "new" research?
This is old enough that there are established commercial vendors doing it. Just goes to show you - obscure universities in 3rd world countries only do - at best - derivative work.
Here's an example company that's been selling this sort of solution commercially for years:
-
already implemented
This is old news: It's already been monetized by Gordon Ross's company: http://www.biopassword.com/keystroke_dynamics_advantages.asp - I had a chance to use this system back in 2004 and it was pretty cool. When the system is learning your password initially, you type it a handful of times so that it can average times between keystrokes. You can type "normal" or you can type at an abnormal rhythm. Your choice. Here are some other papers published a long time ago... http://portal.acm.org/citation.cfm?id=581272 (2002) http://portal.acm.org/citation.cfm?id=266434 (1997)
-
Re:security updateAuthentication not by energy, but typing speed and style:
http://en.wikipedia.org/wiki/Keystroke_dynamics
http://stage1.biopassword.com/pdfs/BP_102306a.pdfI guess that if the energy and the intensity of keystrokes are also recorded, it will definitely strengthen the profiling.
-
Hardly new or unproven.
I'm responsible for maintenance and development of the online banking software for a mid-sized credit union. I'm currently in the midst of a project to integrate BioPassword's implementation of this technology as a second authentication factor in our online banking product, and while I initially had some skepticism of their claims, I can assure you that the technique is actually surprisingly effective, even for relatively inconsistent typists like myself.
Don't just take my word for it, though — BioPassword has an online demo that offers a good explanation of the technology, and a chance to try it out yourself: http://stage1.biopassword.com/democlient/ -
Hardly new or unproven.
I'm responsible for maintenance and development of the online banking software for a mid-sized credit union. I'm currently in the midst of a project to integrate BioPassword's implementation of this technology as a second authentication factor in our online banking product, and while I initially had some skepticism of their claims, I can assure you that the technique is actually surprisingly effective, even for relatively inconsistent typists like myself.
Don't just take my word for it, though — BioPassword has an online demo that offers a good explanation of the technology, and a chance to try it out yourself: http://stage1.biopassword.com/democlient/ -
already works
-
Re:Biometrics
What about http://biopassword.com/
Doesn't this avoid the all the issues raised against biometrics? Seems like the perfect solution? -
Re:Biometrics
Combine passwords and biometrics and you get something called keystroke dynamics.
Biopassword
Brilliant or hopelessly inaccurate? -
Keystrokes: Cheap Biometric
Keystroke timings have been shown to be a reliable, cheap biometric, and was first proposed as early as 1980. The only problem is that NetNany owns the "patent portfolio" on these methods, and agressively threatens not only competitors, but academics who do research in this area.
-
more prior art...
These people state that their 'patented keystroke dynamics technology, a proprietary algorithm to make biometric measurements of a keyboard user's individual typing rhythm' was originally developed by SRI between 1979 and 1985. 'Today, the company has re-engineered keystroke dynamics into a software only biometric solution for user authentication in modern computers.'
-
Re:The fallacy of their argumentThis is true for static biometrics: thumbprint, retinal scan, facial geometry, hand geometry, etc. Not all biometrics are static; some are disposable.
Check out BioPassword. They were at the RSA show last month, and really are a cool technology. For those of you who don't feel like clicking through, they use a keyboard typematic biometric. That is, for all values of "you," how you type a specific word follows a discernable, repeatable pattern that's difficult to imitate.
KT biometrics are just as capturable/replayable as all other biometrics, but they're also disposable. How I type "foobar" tells an attacker nothing about how I type "bletch." But they can be changed should the need arise, just like a traditional password.
BioPassword is probably going to eclipse other biometrics, because it is ADA compliant (ever try taking a fingerprint from someone without a hand?), relies on a generally accepted UI (a non-trivial percentage of the population will refuse a retinal scanner), and needs no additional hardware.
Disposable biometrics have all the drawbacks of standard biometrics except the "once compromised, always compromised" issue, and they have the privacy advantage of not being linkable between discrete systems where different disposable biometrics are used. Once we get past the 1:1 idea of biometrics (a person has exactly one right thumbprint) into a many:1 relationship (one person has many unique characterizations, but each characterization is substantially unique to that person), you begin to see how cool the idea really is.
-
Categorization, not identification.If you want keyboard typing biometrics, check out BioPassword's technology.
All this does is guess at who people might be based on broad, sweeping characterization of behavior. That's probably as accurat as guessing that someone who has a Meyers-Briggs 'Feeling' classification is female vs. a 'Thinking' person be a male. In fact, such a generalization will be right roughly 75% of the time--but that's hardly individual identification.