It has, it's just not that effective as per reasons mentioned here. I'd actually written the guts of one that I've used as an optional feature within a product I wrote. It has really good accuracy and effectiveness with touch-typists, but is miserable for "casual"/beginner style users. I'd hate to see it used for something like Windows logins.:D My algorythms included timing, rythm, and optionally detecting rollovers as identifiers to typing style. It condenses it down into a percentage with results that can even be graphed out and determines whether there is a match based on sensitivity preferences. The more consistent you are, the higher the sensitivity you can use, the more secure the password is.
Still when it's used properly it has some really nice perks. A) It lets people use 'meaningful' easy to remember passwords. I absolutely HATE network policies that say "password must be 10-16 characters, contain at least 1 capital letter and 1 number, etc. etc. etc. and then say you need to change it every 4 weeks. B) It makes for a much larger block of data when encrypted/transmitted, even for short passwords.
It took 3 days to write, test, and tweak. The real work is integrating it as a security measure.
Slashdot Mirror
It has, it's just not that effective as per reasons mentioned here. I'd actually written the guts of one that I've used as an optional feature within a product I wrote. It has really good accuracy and effectiveness with touch-typists, but is miserable for "casual"/beginner style users. I'd hate to see it used for something like Windows logins. :D My algorythms included timing, rythm, and optionally detecting rollovers as identifiers to typing style. It condenses it down into a percentage with results that can even be graphed out and determines whether there is a match based on sensitivity preferences. The more consistent you are, the higher the sensitivity you can use, the more secure the password is.
Still when it's used properly it has some really nice perks. A) It lets people use 'meaningful' easy to remember passwords. I absolutely HATE network policies that say "password must be 10-16 characters, contain at least 1 capital letter and 1 number, etc. etc. etc. and then say you need to change it every 4 weeks. B) It makes for a much larger block of data when encrypted/transmitted, even for short passwords.
It took 3 days to write, test, and tweak. The real work is integrating it as a security measure.