It has been done before - I distinctly remember reading a story about an identical system about 8 or so years ago. In fact I even went so far as to implement a similar system myself, although I found that trying to adjust the sensitivity to minimize false positives whilst actually giving the user the ability to authenticate proved too big a hurdle to jump.
Slashdot Mirror
Actually, they moderate Slashdot.
It has been done before - I distinctly remember reading a story about an identical system about 8 or so years ago. In fact I even went so far as to implement a similar system myself, although I found that trying to adjust the sensitivity to minimize false positives whilst actually giving the user the ability to authenticate proved too big a hurdle to jump.