For years, security professionals have known, and been saying, that passwords by themselves are inadequate, hence the need for two-factor (or stronger) authentication. However, multifactor authentication implementations are typically known to be costly (e.g. issuing tokens or biometric readers). Further, many companies report user push-back: some end-users reject or express disdain for biometric authentication.
So, this raises the question: “Is there a multifactor authentication method that is transparent to end-users?” And the answer is, “yes.” The technology is referred to as “keystroke dynamics,” and it extends the authentication paradigm a bit. That is, you usually hear about authentication factors such as:
- Something you know (e.g. password)
- Something you have (e.g. token)
- Something you are (e.g. biometric)
Keystroke dynamics, as well as signature and speech dynamics, add to that list “Something you do.”
Keystroke dynamics systems check the specific characteristics of how someone enters his/her password (i.e. speed, pauses). So, in effect, keystroke dynamics systems are keyloggers that have turned from the Dark Side.
In theory, the use of such systems allows users to simply continue entering a single password, the way they do now. Yet, because individual and unique characteristics are being measured, many of the traditional weaknesses associated with passwords can be overcome. For example, normal “problem areas” such as password sharing and shoulder surfing may be mitigated because other parties cannot mimic the “dwell time” (length of time that the key is pressed) and “flight time” (time between individual keystrokes) dynamics of the actual user.
Though I’ve not yet done any tests with this technology, I do see it touted as an affordable, reliable alternative to biometrics.
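The dwell-time and flight-time comparison described above, as an added example in Python (not code from this post or from any vendor product). The function names, the mean absolute z-score distance, the 5 ms deviation floor, the 2.0 threshold and all sample timings are assumptions chosen for illustration; the password check itself is assumed to happen elsewhere and is passed in as `password_ok`.

```python
from statistics import mean, stdev

def features(events):
    """events: [(key, press_ms, release_ms), ...] in typing order."""
    dwell = [rel - prs for _, prs, rel in events]  # how long each key is held
    # Flight: previous release -> next press; negative when keys overlap.
    flight = [nxt[1] - cur[2] for cur, nxt in zip(events, events[1:])]
    return dwell + flight

def enroll(samples, min_std=5.0):
    """Per-feature (mean, std) template from several genuine entries."""
    vectors = [features(s) for s in samples]
    if len(vectors) < 2 or len({len(v) for v in vectors}) != 1:
        raise ValueError("need at least 2 samples of the same password")
    # Floor the std so a very consistent typist does not divide by ~0.
    return [(mean(c), max(stdev(c), min_std)) for c in zip(*vectors)]

def score(template, events):
    """Mean absolute z-score of the attempt against the template."""
    vec = features(events)
    if len(vec) != len(template):
        return float("inf")
    return mean(abs(x - m) / s for x, (m, s) in zip(vec, template))

def verify(template, events, password_ok, threshold=2.0):
    """Both factors must pass: the password check and the typing rhythm."""
    return password_ok and score(template, events) <= threshold

def make_events(keys, dwells, flights):
    """Helper for the constructed samples: timings in ms -> event list."""
    events, t = [], 0
    for i, key in enumerate(keys):
        events.append((key, t, t + dwells[i]))
        if i < len(flights):
            t += dwells[i] + flights[i]
    return events

# Constructed sample timings in ms (not real measurements).
KEYS = "pass"
ENROLMENT = [make_events(KEYS, d, f) for d, f in [
    ([95, 110, 88, 102], [140, 60, -10]), ([100, 105, 92, 98], [150, 55, -5]),
    ([90, 115, 85, 105], [135, 65, -15]), ([98, 108, 90, 100], [145, 58, -8])]]
GENUINE = make_events(KEYS, [97, 107, 89, 101], [142, 61, -9])
OTHER = make_events(KEYS, [150, 160, 140, 155], [300, 280, 250])

if __name__ == "__main__":
    for attempt in (GENUINE, OTHER):
        print(round(score(enroll(ENROLMENT), attempt), 2))
```

The second attempt types the correct password but with a different rhythm, so it fails the rhythm check even though `password_ok` is true.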
Links for further reading/research:
General info:
- http://en.wikipedia.org/wiki/Keystroke_dynamics
- http://articles.techrepublic.com.com/5100-1009-6150761.html
- http://avirubin.com/fgcs.pdf
- http://et.wcu.edu/aidc/BioWebPages/Biometrics_Keystroke.html
- http://www.computereconomics.com/custom.cfm?name=postPaymentGateway.cfm&id=1185