Typing Patterns for Authentication

Kelson writes "NPR's Marketplace is reporting on a new authentication scheme. BioPassword tracks the way you type your password: how long each key is depressed, the time between keystrokes, and overall speed. When someone tries to log into your account, it compares the pattern to what it has on file. It only allows you in if both the password and patterns match. The technique has been around a while. World War II Morse code operators used it to determine whether a message was sent by an ally or an impostor."

Fist

[Nimey]

A Morse-operator's style was referred to as his "fist". This is referenced in Cryptonomicon.

I think this is a pretty nifty idea, and I'm surprised it hasn't been done before.

Interesting you mentioned WW2...

[jafo]

No, I'm no going to say you invoked Godwin's Law right at the top of the article...

I immediately thought of WW2 when I read the title. A Morse Code operator's style was called their "fist". German operators became quite adept at mimicing the fist of other operators, and using the fist to identify captured operators didn't work well. This is why they had other signals for identifying that an operator was not captured. Things that would look like a typographical or crypto error to a third party, but which was known to both the sender and receiver, and the absence of them would indicate capture. Of course, under stress, sometimes these were forgotten.

The book Silk and Cyanide has a great discussion of the fist and other identification techniques and how they failed and succeeded (mostly the former). Highly recommended.

Sean