Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Password "Keyprints" as Another Form of Authentication?

Posted by Cliff on from the constructive-criticism-for-an-interesting-idea dept.

Adam Kiger asks: "I have written two programs with patents on both. The first program captures the keypress and keyup events per letter of a typed password in milliseconds and returns a numeric value per letter. I am also capturing the keypress of the first letter and the keyup of the next and returning a numeric value in milliseconds. My second program takes these values and runs an analysis of the values after 20 entries of your password to determine what I call a 'keyprint'. 91% of the time you enter the password my values captured matched each letter entry and the time between letters entered. I also can show the results of these tests in 2D graphical representaion. I used my wife as a test subject, gave her my password and she couldn't login to either Windows or my website! I have wrapped these programs around Windows Login and a Website's login control, and it works fine so far. The only problem I have found and not researched are the user using different keyboards. So I've come to ask Slashdot: Is this a viable security function?"

1 of 100 comments (clear)

  1. Sorry to burst your bubble by droyad · · Score: 5, Informative
    But prior art is screaming here:

    http://216.239.53.100/search?q=cache:Dmq6W8su71gC: www.cs.columbia.edu/~angelos/teaching/COMS4180/lec ture10.ps+Biometrics+Password+Timing&hl=en&ie=UTF- 8

    http://ctl.ncsc.dni.us/biomet%20web/BMKeystroke.ht ml

    http://www.giac.org/practical/GSEC/Patricia_Wittic h_GSEC.pdf

    http://searchsecurity.techtarget.com/originalConte nt/0,289142,sid14_gci801112,00.html