Slashdot Mirror

← Back to Stories (view on slashdot.org)

Authenticating With Your Mouse?

Posted by Cliff on from the obscure-but-cool dept.

degauss asks: "I am looking into various authentication schemes form my home machine, and one that I thought would be interesting would to be having a dummy login screen up with a user/pass prompt, but instead of entering a user/pass, you click at certain points on the screen in certain rytmhmic patterns (all of this is of course unknown to any unauthorized users, who will pound at the password for years). I was wondering if there it any such software or interface currently being developed, as it provides an interesting [semi-]biometric security solution without dumping a ton of cash on new hardware."

58 comments

  1. tinfoil hat by Hubert_Shrump · · Score: 3, Funny

    tinfoil hat linux does this, to some degree. IIRC, The login screen is called "arcade mode" for good reason.

    --
    Keep your packets off my GNU/Girlfriend!
  2. Don't count on obscurity by bkhl · · Score: 5, Insightful

    I don't know if this would work. I guess it would really give you less variation in possible passphrases than a normal password.

    Maybe if you were to 'draw' the password on the screen and the computer would both use the password and analyze the writing it could give you an extra level of security. That would probably work better with a stylus or a touch screen than with a mouse, though.

    As for hoping for people to try to type in passwords instead of using the mouse, that is only security by obscurity. Don't trust that.

    1. Re:Don't count on obscurity by ShmuelP · · Score: 4, Insightful

      As for hoping for people to try to type in passwords instead of using the mouse, that is only security by obscurity. Don't trust that.

      By the way, relying on people to not type in your password is security through obscurity. Don't trust that. :-P

      Seriously though, if you are going to use clicking as a password, you need to treat it the same way. Since anyone who watches you could easily see where the mouse is moving, this would be similar to letting other people watching the keyboard as you slowly typed your password: not a good idea. Even worse, a tempest-like system would allow someone to watch your "password", without your even seeing a person there!

      Instead, I would suggest drawing as an extra layer of security before the password. Meaning, you have to draw the "password" before typing the real password. If you don't draw the correct "password" first, then even the real password isn't accepted.

      --
      Solution to blink tags: wrap them in another blink tag, with a javascript delay loop, so they cancel each other out
    2. Re:Don't count on obscurity by KDan · · Score: 1

      It *is* security through obscurity, as is a password. And cryptography teaches us that security through obscurity (through a secret) only works when that secret can be easily changed.

      So unless you want to change the combination of clicks all the time, it's worthless.

      Daniel

      --
      Carpe Diem
    3. Re:Don't count on obscurity by ichimunki · · Score: 1

      And cryptography teaches us that security through obscurity (through a secret) only works when that secret can be easily changed.

      And here I thought cryptography taught us how to make information hard to read without a key. :)

      But seriously, a password is not "security through obscurity"-- not unless you want to stretch the meaning of the phrase so far as to make it mostly useless. "Security through obscurity" is relying on being overlooked (e.g. "no one will ever guess that I have top-secret info at this weird URL") as a method of keeping stuff away from prying eyes.

      As long as this key input method (clicking on various screen areas in a certain order or whatever) is completely transparent in the code it's not any different than using a sequence of typed characters (i.e. reading the code won't tell you anything about the keys themselves except that they consist of clicks on the screen). It's no different than having a virtual keyboard on the screen and using that to "type" in the password.

      --
      I do not have a signature
    4. Re:Don't count on obscurity by schon · · Score: 1

      It *is* security through obscurity, as is a password.

      NO A password is NOT security through obscurity.

      If you believe it is, then you simply don't know what obscurity really is.

      "Obscurity" is reliance on hiding information, in the hopes that nobody finds it. Since a properly-administered password scheme (such as storing the password hash) is not hiding anything, then it's not obscurity.

    5. Re:Don't count on obscurity by SmittyTheBold · · Score: 1

      By the way, relying on people to not type in your password is security through obscurity. Don't trust that. :-P

      Having a 'secret' string of characters is security through obcurity, don't do that! =P

      --
      ± 29 dB
  3. Along the same lines... by thecampbeln · · Score: 5, Interesting

    How about using both of these ideas together? Have it to where even the correct username/password is not accepted unless the user clicks on the right section of the screen, or right sequence of sections of the screen in place of simply clicking "Ok"!? So in essence the "Ok" button would be a dummy and the correct "button" would be another portion of the screen entirely?

    --
    "1984" was ment to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
    1. Re:Along the same lines... by Motherfucking+Shit · · Score: 5, Funny
      So in essence the "Ok" button would be a dummy and the correct "button" would be another portion of the screen entirely?
      Good idea. I propose that we give the real button the appearance of the Pi symbol, and place it in the far lower right-hand corner of the screen... ;)
      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    2. Re:Along the same lines... by Skapare · · Score: 1

      Just display a picture of a keyboard with the letters randomly re-arranged. Key in your password by clicking on the correct letter, wherever it is. Spies would have to be viewing your your screen. Mix it so part is entered by mouse, part by keyboard, part by voice, etc.

      --
      now we need to go OSS in diesel cars
  4. Interesting ... by Anonymous Coward · · Score: 1, Interesting

    This would certainly foil those hardware keylogger devices that nip between your keyboard and computer to grab passwords and the like. As far as I know, nothing comparable has been done for the mouse as the relative movements of the mouse aren't particularly useful, both because they don't always map to the relative position of the mouse, and because you don't know what the user is clicking on without a screen grab too.

    Hmm, now that could be useful - a program that sits in the background doing a screen grab everytime the user clicks the mouse. Saves having to capture every change in the screen to figure out what they are doing with the mouse.

    1. Re:Interesting ... by Anonymous Coward · · Score: 0

      I'm sick of the paranoia here - why would this foil hardware keylogger devices? Local passwords don't do anything except keep the honest people out and the moment you start to *TYPE* anything it would be logged anyway.

  5. Accessibility options - Onscreen keyboard by harakh · · Score: 1

    Shouldnt there be accessibility functions with an onscreen keyboard? use that and your keystrokes wont be seen atleast via the keyboard...

  6. hey! by Gregg+Alan · · Score: 1

    Leave *my* mouse out of this!

    --
    Here before all but 8486 of you.
  7. security through obscurity? by Anonymous Coward · · Score: 0

    you better make sure that *even if people know* that you use the mouse to enter your pass-gestures, it's still secure. don't count on the mouse thing being a secret.

  8. How about.... by orthogonal · · Score: 3, Funny

    How about logging in by executing some steps on your Dance Dance Revolution pad?

    --
    Opinions on the Twiddler2 hand-held keyboard?
    1. Re:How about.... by zonker · · Score: 0

      good thinking! keeps out those pesky handicapped hackers...

      --

      Large print giveth, and the small print taketh away

    2. Re:How about.... by dlcantrell · · Score: 1

      That's a fantastic idea!! =) You could also add a biometric blood pressure cup, a heart monitor, and a couple of those picture frames that show digital pictures. When your detects you and your "significant other" making love, it can rotate pictures of your parents, grandparents, clowns, Anna Nicole Smith, or any type of picture that kills the mood to prolong the "moment". Those two combined could make you, "Do a little dance, Make a little love". Seriously, what about chair that has a seat cushion to detect your weight, a seat back to detect your posture, and height to detect your body type. Require you put both hands on the side handles (as if you were standing up) so it can read your hand size, heat, and fingerprints.

  9. So if your mouse dies then you are screwed? by Anonymous Coward · · Score: 0

    Damn.

    Try to explain to a system admin that the reason you have lots of intruder lockouts is because your mouseball was dirty :)

    It could double as a "Is this employee drunk?" test ..

    1. Re:So if your mouse dies then you are screwed? by Anonymous Coward · · Score: 0
      It could double as a "Is this employee drunk?" test ..


      Great for drunk sysadmins too...

      Login: root
      Password:
      Access Denied!

      Password:
      Access Denied!

      Password:
      Access Denied!
      You're drunk. Quit trying to log in as root!

      Login:

  10. Stupid. by Anonymous Coward · · Score: 0

    No offense, but that's a stupid idea. You can't remotely log in, nor could you give the password to someone else if you wanted or needed to.

    No security scheme ever ensures 100% security. EVER - they just make it more likely for the intruders to give up. If someone really wants to get into your machine, they'll disassemble it and copy the hard drive sector-by-sector using another machine, then examine it there, completely bypassing any "sekret kode" that you made.

    The only secure computer is one that contains worthless information, is turned off and disconnected from the outside, wired with a hair-trigger self-destruct mechanism, hidden near some more flashy and important-looking decoys, buried miles underground in a secure vault which is patrolled by extremely well compensated, disiplined and obedient guards who are very heavily armed.

    Ie: no system in the world is secure. Not even yours. To make something as "u17A-sekure" and 'leet as a mouse password entry system is, quite frankly - dumb for the purposes of anything but entertainment or looking naively "cool" in the movies.

    My advice: Audit your computer, closing any remote ports and shutting down unnecessary services. Apply latest patches and updates to your computer. Use a 'strong' password (ie: not something obvious) that you change frequently and don't write down. Don't leave yourself logged in and walk off, remember to lock your doors, but don't leave the key lying around - and you'll be fine.

    1. Re:Stupid. by Erebus · · Score: 2, Interesting

      Why can't you remotely log in? Why can't you click a sequence of coordinates on an imagemap on a web page? The images, and their reactions to being clicked, need not reflect their occult nature.

      Giving someone the password would be akin to the Second Trial getting to the Grail in 'Indiana Jones and the Last Crusade', where they spell the name of God by jumping on stones; clicketh upon said obscureth spots, in this order, etc. Timed pauses between events should be easy to implement, like 'click here, count to three, then click there'.

      Sounds like fun.

    2. Re:Stupid. by Mr+Z · · Score: 1
      Why can't you remotely log in? Why can't you click a sequence of coordinates on an imagemap on a web page? The images, and their reactions to being clicked, need not reflect their occult nature.

      And how does that help me log in with SSH, SCP, telnet or FTP? The webpage would need to give me some sort of textual authentication token as part of mastering a series of clicks. I would then give telnet/ftp/ssh/scp the textual authentication token in order to log in.

      And where would I provide that token to these programs? At the password prompt.

      I guess one thing you could do with this is make the passwords single-use only.

      --Joe
      --
      Program Intellivision!
  11. Something Similar by one9nine · · Score: 2, Interesting

    I did something similiar (in terms of security) when I was developing a client/server app. What I did was trap for the backspace key after entering the first and last letter of a password, for instance if your password was "monkeyfeces", you would have to type "m(backspace)monkeyfeces(backspace)s". That way, if someone knew your password, watched you type it in or even had some rouge program monitoring your keystrokes they would still have a tough time figuring out why your password doesn't work. I am not saying this is foolproof but it's better than the man with the rubber glove who isn't suprisingly gentle.

    1. Re:Something Similar by Anonymous Coward · · Score: 0

      Hey, are you the guy who wrote the LEGO fantasy? He also couldn't spell "rogue", opting instead for "rouge barbarian forces," which doesn't sound very terrifying.

  12. Mouse based authentication by Radical+Rad · · Score: 2, Interesting

    IIRC there was a Slashdot article (or a quickie) not long ago related to this. I think the password was actually a sequence of symbols which appeared on the screen and they had to be clicked on in the proper order and the order that they appeared in a grid with other abstract symbols would change at each login. Hope I explained that right.

    I have also heard about a bio auth method that takes into account your typing rythym. As a simple example, if you type your password in to the beat of 'Shave and a haircut... two bits' it would only accept that valid password if it were typed with this rythym.

    But since the timer resolution on a computer is so small it can detect minute differences between you and an imposter. A neural network can be trained to learn your pattern of typing. Each successful login becomes a sample in its training set. That way it learns your natural variations and you don't have to perform perfectly each time or risk being rejected. Again no expensive biometric hardware required.

    1. Re:Mouse based authentication by bpb213 · · Score: 1

      "A neural network can be trained to learn your pattern of typing. Each successful login becomes a sample in its training set. That way it learns your natural variations and you don't have to perform perfectly each time or risk being rejected. Again no expensive biometric hardware required."

      I dont know about that. unless it learns time of day with logon, I would be screwed.

      In the morning im too groggy to type in my password quickly, usually resorting to a two finger hunt and peck routine that often somehow misses the right keys the first time anyway.

      In the afternoon my rythm is much improved and quicker, with less mistakes.

      I think there is too much variation like that for a neural net to train on that it would risk it overgeneralizing too much.

      --

      This .sig looking for creative and witty saying.
    2. Re:Mouse based authentication by heim913 · · Score: 1
      A neural network can be trained to learn your pattern of typing. Each successful login becomes a sample in its training set. That way it learns your natural variations and you don't have to perform perfectly each time or risk being rejected.
      Excellent. Now first time you break/injure your wrist/hand/finger your Really Fucked.
  13. Motive explanation? by Ayanami+Rei · · Score: 2, Insightful

    Degauss:

    Here is my thinking. This is your HOME machine. But you make it sound like this will be in a place where it will be exposed to a lot of people who have no business using it, or are desperate to break in.
    I mean, are your siblings or spouse wanting to use your PC that badly? Are they after your porn stash? :-) Just kidding.
    Or is your password that easily guessable... that is something you can fix without resorting to clever software that only belabors the authentication via obfuscation.

    Even if it wasn't under attack, obfuscating the login screen is not really a good idea. All the malicious user would need to do to discover the secret is casually observe a legitimate user bypassing said fake login screen.

    Moreover, your login program should not allow someone to sit at the computer all day and attempt passwords. It should lock unprivledged accounts out after a few wrong tries ( 5, preferably 3). If it does unlock itself, the cool off period should be at least an hour. Also, each attempt should take progressively longer to check after each failure. This is especially important for Administrator / root accounts which should not lock themselves out.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  14. Nah.... by bpb213 · · Score: 2, Insightful

    First, there is the question of how many clickable subdivisions that you divide the screen in. Second, it will take a lot longer, especially as the subdivisions get smaller, as it will require more precise mousing.

    I think Gesture recognition would be a better method, personally.

    --

    This .sig looking for creative and witty saying.
  15. drawing and puzzles by GiMP · · Score: 1

    I saw a movie where the authentication was done via a puzzle. Creating a drawing would be a great way to authenticate for some people (obviously not for the blind!). It would also be a terror for public terminals in which left-handed people most use (such as myself).

    The question isn't how the interface would be, but rather how to impliment it :)

    1. Re:drawing and puzzles by bpb213 · · Score: 3, Funny

      "Creating a drawing would be a great way to authenticate for some people"

      Want to take a bet on how many stick people you get as passwords? :)

      --

      This .sig looking for creative and witty saying.
    2. Re:drawing and puzzles by nelsonal · · Score: 1

      Have you noticed the generally poor locations of those electronic signing pads at most stores? K-Mart's are generally pretty good, above everything, but there is no place to rest your arm. Most stores seem to put them with a wall or other large immobile object directly to the left of them.

      --
      Degaussing scares the bad magnetism out of the monitor and fills it with good karma.
    3. Re:drawing and puzzles by Anonymous Coward · · Score: 0

      I saw a movie where the authentication was done via a puzzle.

      Perhaps you're thinking of "Indiana Jones and the Last Crusade?" That was the ultimate in 'Authentication by Ordeal.'

    4. Re:drawing and puzzles by b!arg · · Score: 1

      Perhaps playing out a scene in post-its on your monitor for all your different passwords?

      --

      Everybody dies frustrated and sad and that is beautiful
  16. What about.. by fateswarm · · Score: 1

    What about nice simple mouse fingerprinting devices on mice?

    Oh well, that has been discussed on so many movies that will make people scared:

    We all know someone can cut our finger to get the fingerprint..

    yeah, I know, grouse.

    let's wait for dna authentication..

    but again, anyone can get samples from us and use it..

    hmm..

    let's stick with passwords for some time ok?

    1. Re:What about.. by Sepper · · Score: 1

      What about nice simple mouse fingerprinting devices on mice?

      here, here,or simply this... and i think it would be a better security system than using a fake login screen.... (altough it could make a really good joke...)

      --
      I live in Soviet Canuckistan you insensitive clod!
  17. Dorky idea.. by zcat_NZ · · Score: 1

    Something I've wanted to do for a while is get one of those keychain USB drives, and keep my private key on it, and perhaps also a symmetric key. Then I can run a crypto filesystem (not for everything, just for the stuff I want to keep private) and unplug the key when I'm away from the computer.

    Hey wait, this sounds like something I read earlier today .. !

    There probably isn't more than 128M of stuff I really need to keep private, so it might make just as much sense to keep all the files on the USB drive too.

    --
    455fe10422ca29c4933f95052b792ab2
    1. Re:Dorky idea.. by Anonymous Coward · · Score: 0

      Boss: "Oh Bob, do you have that report ready for me yet?"
      Bob: "Yeah, its around here some...."
      Bob: "Oh my gosh boss, I lost my keys!"
      Boss: "I'm sorry to hear that Bob, but what does that have to do with my report?"
      Bob: "The report was on my keychain."
      Boss: "Yeah...right"

    2. Re:Dorky idea.. by zcat_NZ · · Score: 1

      As opposed to "Someone's walked off with a harddrive containing that report, or all our company secrets, and the billing details of 180,000 of our customers."

      If it was that important I'd keep a backup in a vault somewhere and wouldn't have the -only- copy on just my keyring.

      --
      455fe10422ca29c4933f95052b792ab2
  18. An issue for tablet PC's by Anonymous Coward · · Score: 0

    This would be great on Tablet PC's. I've got one, and have had a tough time securing the thing because of this very issue.

    Anyone got some links for Windows?

  19. Why not make it easy... use a camera by MerlynEmrys67 · · Score: 1
    Simple. Get a secure camera on the system that will log the person sitting there, if it isn't you don't allow ANY login to succeed. I've seen demo's that do this from years back, is pretty cool...

    If it isn't you sitting at the computer, the computer says, do you want to leave a message for the owner of the computer, and allows you to type a message in

    --
    I have mod points and I am not afraid to use them
    1. Re:Why not make it easy... use a camera by darkpurpleblob · · Score: 1
      Get a secure camera on the system that will log the person sitting there, if it isn't you don't allow ANY login to succeed.
      And why not take further advantage of the camera and lock the system if the person that is logged in moves away from the computer. When they come back to the computer it would be automatically unlocked. Of course an administrator could also sit in front of the computer and be identified in order to unlock the machine.
  20. Non-typing passwords... by Crash+Gordon · · Score: 4, Interesting

    Many years ago, I needed to secure my work PC (a spanking-new IBM XT-286) from the night shift; since I was doing CAD I had an EGA and a fast machine so my office became the midnight game room.

    I wrote a routine which put a login prompt on the screen, and then waited for a particular cadence on the DTR line of COM2. I patched this code into some blank space on the EGA's BIOS extension ROM, and executed it before the keyboard was even enabled during POST :-) COM2 had a plotter attached & I would turn the plotter on and off appropriately to boot the system. I never booted when there was somebody else in the room.

    Then came a change in company ownership, with its attendant politics... I was canned on a Friday afternoon with no notice whatsoever. Nobody asked about my password. Of course the vultures descended on my office, and among the first things to go was the plotter. No plotter, no password.

    Apparently after several frustrating weeks in Software Engineering the PC was returned to IBM for an expensive "repair" -- if someone had asked I'd have told them to swap the original EGA ROM from my desk drawer back into the EGA. Nobody asked.

    1. Re:Non-typing passwords... by karnal · · Score: 3, Interesting

      Sort of offtopic:

      I was perusing various car sites a while ago, looking for fix-it information on my car. I found an interesting thing that someone had done for a kill switch: they integrated a push of the passenger's window "up" button (on the driver's side only) to allow the passlock 2 (GM) signal to the ECM.

      Kind of a neat hack, seeing as if you didn't tell anyone, and no one paid close attention as you started the car, they probably wouldn't pick up on the trick. However, one of the dumber things you can do in that situation is post it on the internet for all to see..... Guess that's why you didn't announce your "lock out" until well after you were finished with that type of security.

      Kudos as well to you, though -- that was a neat trick. Almost makes me wish I was more into hardware (like I was as a teenager)....

      --
      Karnal
    2. Re:Non-typing passwords... by Gordonjcp · · Score: 1

      That's a bit like how you get the ECUs of various cars into diagnostic mode. Most of them just need a code reader plugged in, and the diagnostic line connected to earth for about three seconds. But then you get the BMWs which need you to turn them on, then off, then on again and blip the throttle five times (with the engine stopped) to read the code.

  21. Siemens Fingerprint Mouse by unixbob · · Score: 1

    Try this for a mouse you can authenticate with. Not sure if there are Linnu drivers for the fingerprint stuff though

    --
    The Romans didn't find algebra very challenging, because X was always 10
    1. Re:Siemens Fingerprint Mouse by darkpurpleblob · · Score: 1

      We have one of these at work for biometric authentication to a portal system we develop.

      I don't know how Siemens claim the the mouse has 'comfort and security', as the mouse is about as unergonomic as they come. These aren't going to take off until someone (Microsoft, Logitech...) actually starts producing a ergnomic and comfortable biometric mouse.

    2. Re:Siemens Fingerprint Mouse by ironfroggy · · Score: 1

      misplaced sensor on that mouse. I was hoping it would be on the buttons themselves.

      --
      Question
      http://www.ironfroggy.com/
  22. atm style pin? by Anonymous Coward · · Score: 0
    instead of entering a user/pass, you click at certain points on the screen in certain rytmhmic patterns

    How about something that works similar to a bank machines pin number? This might seem a bit too simplistic but here goes:

    Assume that your screen or dialog box is divided into three imaginary columns, and rows. Now look down at your number pad (see figure1)

    figure 1
    |X|X|X| |7|8|9|
    |X|X|X| |4|5|6|
    |X|X|X| |1|2|3|

    When the login in prompt is displayed start tracking the mouse position and click events.

    1. If the user clicks in the top left third of the screen then record that as a 7,
    2. if the mouse is in the middle row centre column record a 5,
    3. if the mouse is in the bottom third, middle column then record a 2. . .
    (see figure2)


    |X|X|X| |7|8|9|
    |X|X|X| |4|5|6|
    |X|X|X| |1|2|3|

    Finally use a double-click to stop recording numbers and start the authentication.

  23. Not very practical by darkpurpleblob · · Score: 1

    Sure it's a nice idea, but what happens when you need to authenticate with someone else standing behind you?

    They will be immediately be able to see where you clicked on the screen. Hiding the cursor as the clicking is done won't do any good either as you won't know where you are clicking!

    This is why passwords are blanked out when you enter them, so somebody watching the screen won't find your password out.

  24. Are you mad? by Anonymous Coward · · Score: 0

    You think that having unauthorised people "pounding at the password for years" when you aren't accepting passwords does anything to aid security? They'll do that anyway. It doesn't matter if you accept passwords or not, the chances of somebody guessing correctly is infintessimaly small.

  25. Watch the clickityckick by lsommerer · · Score: 2, Interesting

    I've always thought that it would be interesting to watch the way that someone types in the password as well as what they type in. If your cadence isn't within your normal parameters, then you don't get in even if you have the right password.

    It would have to be auto adjusting, or subtle changes in they way you type in general could throw it off, and heaven help you if you break your hand, but an interesting idea anyway.

    There are other reasons why it would be problematic as well. You'd probably bet out of luck if you needed to log in on a keyboard that was different in some substantial way from your own.

    Anyone know if anything like this has been done?

    1. Re:Watch the clickityckick by demi · · Score: 1

      Related to this, I dropped using passwords some time ago, and started using long passphrases; it happens to work great under Linux w/MD5 passwords and OpenBSD. But the problem is that these are pretty long and it's easy to make a mistake. What I'd like is to incorporate the cadence into the password, as you suggest, and take advantage of whatever "fuzzy hashing" you'd need to do that to also allow a one- or two-character variation in the password. In other words, if my password is "it's like a noodle in a salad", it would accept "it's tlike a noodle it a salad" if I often make that mistake.

      --
      demi
  26. Just thought of something by vadim_t · · Score: 1

    A graphical login screen where you have to choose pictures in the right order sounds like a good idea, and I think I've just though of an improvement. Make them selectable with the mouse wheel without giving any feedback.

    The reason is simple, the buttons make an obvious sound, but the wheel should not. It could give some extra security.

    1. Re:Just thought of something by Anonymous Coward · · Score: 0

      Neat .. that would be like a safe wheel ..

  27. Morse code... Seriously. by Gordonjcp · · Score: 1

    As long ago as WW2, it was realised that different people had distinctly different "styles" of keying. If you had a sample of a person's Morse code, for example drawn on paper tape, you could compare an unknown sample to see if they were sent by the same person. This turned out to be a very accurate "fingerprint".

    Now, I'm not saying you should enter your password by Morse code on the mouse button, but something that reads the rhythm of mouse clicks or keypresses would work.

  28. PDA by dolmen.fr · · Score: 1

    The most useful usage of such authentication schemes is for authenticatino on a PDA such as a Palm.
    I know that some application are available for PalmOS that use this things, however I don't remember the names.