Using Password "Keyprints" as Another Form of Authentication? 100
Adam Kiger asks: "I have written two programs with patents on both. The first program captures the keypress and keyup events per letter of a typed password in milliseconds and returns a numeric value per letter. I am also capturing the keypress of the first letter and the keyup of the next and returning a numeric value in milliseconds. My second program takes these values and runs an analysis of the values after 20 entries of your password to determine what I call a 'keyprint'. 91% of the time you enter the password my values captured matched each letter entry and the time between letters entered. I also can show the results of these tests in 2D graphical representaion. I used my wife as a test subject, gave her my password and she couldn't login to either Windows or my website! I have wrapped these programs around Windows Login and a Website's login control, and it works fine so far. The only problem I have found and not researched are the user using different keyboards. So I've come to ask Slashdot: Is this a viable security function?"
Yes it is (Score:3, Funny)
Re:Sorry to burst your bubble (Score:2, Funny)
Re:No patents (Score:4, Funny)
The first one has a nice plaid pattern, wheras the second one (and this is the clever bit) has a striking blue and green pattern on it.
Steve.
yes, but... (Score:2, Funny)
or was it last week?
mortimer! how did you type 'depression' again? with a coffee break between the 'p' and the 'r'??
Re:Some users will have severe problems with this (Score:2, Funny)
> would not be surprised if other could imitate me simply by trying
> to input it very efficiently.
Me too, _except_ that I use a modified keyboard layout, which makes
certain things take different amounts of time than usual. (For
example, switching between upper and lower case is faster, because
shift is under a home position on my layout. OTOH, k is rather
out of the way and generates an extra pause before or after.)
I still prefer the long-nasty-password approach. Use a password
like cEveNaughtDiVulge-canceroussGRANDpapy;rot14impreS
(not my real password, of course), type it fast, and nothing but
a sniffer is going to compromise it. Yet something like that is
only barely more difficult to memorise than something traditional
like Rx7QvGOc0b. (You remember, "seven naught divulge cancerous
grandpappy rot14 impressionism xi", eight words (except rot14,
which is easy to remember because it's one more than Caesar), but
then you make minor tweaks such as elided and doubled letters and
case shifts, which your muscle memory will do for you automatically
after a dozen times typing it.)
Re:Sounds good (Score:2, Funny)
I read this and had a strange image of a sofa and 2 chairs turning up at my desk... Maybe that's the lack of coffee this morning.