Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Password "Keyprints" as Another Form of Authentication?

Posted by Cliff on from the constructive-criticism-for-an-interesting-idea dept.

Adam Kiger asks: "I have written two programs with patents on both. The first program captures the keypress and keyup events per letter of a typed password in milliseconds and returns a numeric value per letter. I am also capturing the keypress of the first letter and the keyup of the next and returning a numeric value in milliseconds. My second program takes these values and runs an analysis of the values after 20 entries of your password to determine what I call a 'keyprint'. 91% of the time you enter the password my values captured matched each letter entry and the time between letters entered. I also can show the results of these tests in 2D graphical representaion. I used my wife as a test subject, gave her my password and she couldn't login to either Windows or my website! I have wrapped these programs around Windows Login and a Website's login control, and it works fine so far. The only problem I have found and not researched are the user using different keyboards. So I've come to ask Slashdot: Is this a viable security function?"

3 of 100 comments (clear)

  1. Sorry to burst your bubble by droyad · · Score: 5, Informative
    But prior art is screaming here:

    http://216.239.53.100/search?q=cache:Dmq6W8su71gC: www.cs.columbia.edu/~angelos/teaching/COMS4180/lec ture10.ps+Biometrics+Password+Timing&hl=en&ie=UTF- 8

    http://ctl.ncsc.dni.us/biomet%20web/BMKeystroke.ht ml

    http://www.giac.org/practical/GSEC/Patricia_Wittic h_GSEC.pdf

    http://searchsecurity.techtarget.com/originalConte nt/0,289142,sid14_gci801112,00.html

  2. It works well by Pathwalker · · Score: 4, Informative

    What you are describing sounds like one of the most basic techniques for biometric authentication. I remember being assigned to write programs to do what you describe for a class several years ago. It was one of the easier assignments we had.

    If you are researching the subject, I strongly suggest Biometrics: Personal Identification in Networked Society, and anything else on the subject written or edited by Anil Jain.
    (His webpage is here, the webpage of his lab is here).

    Dr. Jain is (IMHO) the current leader in biometric research worldwide.

  3. 20 values by cgenman · · Score: 4, Informative

    Why derive your key from the first 20 imputs? Why not continually re-derive the key from the last 20 imputs, to allow for typestyle drift over time?

    -C

    --
    The ______ Agenda