For a More-Secure Password, Watch How You Type

A text password – no matter how many times you change it or how many illogical symbols you incorporate into it – is always going have some inherent weaknesses: It can be stolen via keystroke software, broken into by password-recovery programs, and it can fall into the wrong hands if written down or shared with a co-worker.

All of this drives IT managers crazy, which has driven a movement toward two-factor authentication in logical access control. A group of researchers at the American University in Beirut have come up with an unusual biometric that could be used as for that second factor: your typing pattern.

That’s right. The process, called key-pattern analysis, records timing with which a user types in his password and then compares that template to the timing every person uses when trying to gain access to the digital asset. Upon enrollment, a user has to type the password in several times, to allow for all the variations possible.

The field of key-pattern analysis has actually been around for a few decades, but this research from the American University in Beirut, advances it into the realm of the useable. Previous researchers had failed to take into account the fact that quick typists sometimes press more than one key at a time. As such, this effort at producing an effective key-pattern analysis authenticator looked at the length of time for which a user presses the key, which the researchers say gives a better – and more robust – picture of typing patterns.

One of the study’s authors, Ravel Jabbour, points out that, as key-pattern analysis doesn’t require any extra equipment, it is much less costly than solutions that require extra equipment, such as a card reader, at every work station. And, Jabbour said, key-pattern analysis programs should work almost as well as sophisticated biometrics, such as iris or fingerprint scans. “If the profile building phase is conducted with care, there should be no real problem with key-pattern analysis,” he said.

About the Author

Laura Williams is content development editor for Security Products magazine.

Featured

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities