Password typing methodology uniquely identifies users, claim researchers

Ali El-Hajj, Ravel Jabbour and Wes Masri are billed as having developed software that goes beyond previous attempts to analyse the speed and approach of user keystrokes as a means of identification.

As well as measuring the time taken between keystrokes, the researchers are analysing other parameters such as how long the key remains pressed for, as well as to what degree of pressure the person uses.

According to the researchers, who are publishing a paper on key pattern analysis (KPA), no security mechanism seen to date has been deemed secure enough.

In their paper – titled "Optimising Password Security Through Key-pattern Analysis" – the researchers say that their approach to KPA relies on two main pillars: inter and intra timing.

These pillars, the researchers add, “are stretched along the lines of increasing password entropy, trouncing the habit factor and finally, trimming down the error margin under an appropriate user-fitting technique."

Other user optimisation techniques, note the researchers, include token authentication and character-sound recognition.

Reporting on the paper, Gizmag notes that the technology the researchers are using is something of a double-edged sword "because the longer and more complex the password, the harder it is to repeatedly type it in with the same rhythm."

"The researchers acknowledge the trade-off – it's a matter of finding a sweet spot between length and reliable typing. I know that if I had a choice between a longer password and a system that stopped someone with my password written down in front of them from gaining access, I'd choose the latter", says the newswire.

The researchers are said to be planning to publish their paper in the International Journal of Internet Technology and Secured Transactions.

 

What’s hot on Infosecurity Magazine?