Slashdot Mirror

← Back to Stories (view on slashdot.org)

RSA: An Unusual Approach to User Authentication: Behavorial Biometrics (Video)

Posted by Roblimo on from the watching-every-keystroke dept.

In the North of Sweden, in Lappland, there is a university spinoff company named BehavioSec that decides you are you (or that a person using your computer is not you) by the way you type. Not the speed, but rhythm and style quirks, are what they detect and use for authentication. BehavioSec CEO/CTO Neil Costigan obviously knows far more about this than we do, which is why Tim Lord met with him at the 2013 RSA Conference and had him tell us exactly how BehavioSec's system works. As usual, we've provided both a video and a transcript (There's a small "Show/Hide Transcript" link immediately below the video) so you can either watch or read, whichever you prefer.

4 of 69 comments (clear)

  1. Assuming you will always type the same way. by Colan · · Score: 5, Interesting

    ---If you ever get a sprained wrist, you'll be locked out of your computer. Hopefully, there would be alternate authentication methods built in. And what happens if you don't log into your computer for an extended period of time? After I learned to type (taking lots of notes does that to you), my typing ability and methods (and patterns/rhythms) had completely changed. That was in the course of a month. At the end of that time, I would have been locked out of my computer.

    1. Re:Assuming you will always type the same way. by Anonymous Coward · · Score: 5, Funny

      On the plus side, however, this will lock you out if you try to write a drunken facebook wall post to one of your exes...

  2. Fail out the gate! by SirAstral · · Score: 5, Interesting

    I have experienced Behavior Biometric Denial of Services. Humans are just too erratic, imagine this.

    Your front door is locked using this method. All of a sudden you are outside and a thug walks by making obvious threats and you start running inside to get away or get your gun and the door now locks your ass out.

    You are using email services and you start looking for a job and with the sudden increase in email traffic and/or login presence causes your service to block your account temporarily because of behavioral changes. (this actually happened to me for a short time)

    I was in the middle of waiting for an actual offer letter when this occurred... very frustrating!

  3. Re:Smells like an academic spinoff by mmelson · · Score: 5, Interesting

    This is not so much an authentication method as a heuristic used to decide whether or not to ask for additional credentials. It's exactly analogous to the way security questions work for online banking. If it recognizes you, there's a good chance you are who you say you are and your password is considered sufficient. But, if it doesn't recognize you, that isn't necessarily indicative of an impostor, just that it needs to ask for more information (in the form of a token, smartcard, security question, etc) before it can be confident you are who you say you are.

    A "yes' from this this is acceptance, but a "no" is not a complete rejection. It just makes you jump through an extra hoop or two.