Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security

Using Password "Keyprints" as Another Form of Authentication? 100

Posted by Cliff from the constructive-criticism-for-an-interesting-idea dept.
Adam Kiger asks: "I have written two programs with patents on both. The first program captures the keypress and keyup events per letter of a typed password in milliseconds and returns a numeric value per letter. I am also capturing the keypress of the first letter and the keyup of the next and returning a numeric value in milliseconds. My second program takes these values and runs an analysis of the values after 20 entries of your password to determine what I call a 'keyprint'. 91% of the time you enter the password my values captured matched each letter entry and the time between letters entered. I also can show the results of these tests in 2D graphical representaion. I used my wife as a test subject, gave her my password and she couldn't login to either Windows or my website! I have wrapped these programs around Windows Login and a Website's login control, and it works fine so far. The only problem I have found and not researched are the user using different keyboards. So I've come to ask Slashdot: Is this a viable security function?"
This discussion has been archived. No new comments can be posted.

Using Password "Keyprints" as Another Form of Authentication? More

Using Password "Keyprints" as Another Form of Authentication?

Comments Filter:

  • May be defeated if password is keylogged (Score:4, Insightful)

    by Vendekkai ( 121853 ) on Wednesday May 21, 2003 @03:16AM (#6005345)
    While this adds an extra level of protection, how about a case where the user password is picked up by a keypress logger? In that case, the timings can be logged too, and it would be a simple matter of repeating those timings with a program to log in.

    Further, I am not sure how widely applicable this is. Whenever I change a password to a new, cryptic one, I type it in slowly for the first few times till my fingers start "remembering" the sequence.

  • 91% success means 9% failure (Score:3, Insightful)

    by porksodas ( 515690 ) on Wednesday May 21, 2003 @03:20AM (#6005363)
    91% of the time you enter the password my values captured matched each letter entry and the time between letters entered.

    I don't want to have to retype my password one time out of ten just because I typed the third and fourth letter to close together. It's a good idea, but I think it needs a higher success rate (without compromising security, of course). I think a pattern-recognizer (like a neural network) might come in handy, though that may be slightly overkill for your Windows login screen.

  • Re:May be defeated if password is keylogged (Score:3, Insightful)

    by Surye ( 580125 ) <(moc.liamg) (ta) (08eyrus)> on Wednesday May 21, 2003 @03:21AM (#6005366) Homepage
    Further, I am not sure how widely applicable this is. Whenever I change a password to a new, cryptic one, I type it in slowly for the first few times till my fingers start "remembering" the sequence. This will be a huge problem for you, as when you "learn" your password better, you type it out faster. You'd have to apply this at "critical level of ...remeberance(I know, not a word =P), and that would cause implimentation to be horrible.

  • Re:Sorry to burst your bubble (Score:4, Insightful)

    by WasterDave ( 20047 ) <davep@z e d k e p.com> on Wednesday May 21, 2003 @04:07AM (#6005519)
    Sure, but it is relevant for enforcing them. Presumably that's the point?

    Dave

  • No free consultation for you. (Score:5, Insightful)

    by Chilles ( 79797 ) on Wednesday May 21, 2003 @05:42AM (#6005755)
    Please, open your source and throw your patents in the public domain. As soon as you do that I'll be more than happy to evaluate your system. Right now, my only incline is to look for prior art. (which I'm pretty sure exists).

Slashdot Top Deals

"Ninety percent of baseball is half mental." -- Yogi Berra

Close