
RSA: An Unusual Approach to User Authentication: Behavioral Biometrics (Video)

Roblimo posted about a year ago | from the watching-every-keystroke dept.

Security 69

In the North of Sweden, in Lappland, there is a university spinoff company named BehavioSec that decides you are you (or that a person using your computer is not you) by the way you type. Not the speed, but rhythm and style quirks, are what they detect and use for authentication. BehavioSec CEO/CTO Neil Costigan obviously knows far more about this than we do, which is why Tim Lord met with him at the 2013 RSA Conference and had him tell us exactly how BehavioSec's system works. As usual, we've provided both a video and a transcript (There's a small "Show/Hide Transcript" link immediately below the video) so you can either watch or read, whichever you prefer.


Assuming you will always type the same way. (5, Interesting)

Colan (2771285) | about a year ago | (#43048641)

If you ever get a sprained wrist, you'll be locked out of your computer. Hopefully, there would be alternate authentication methods built in. And what happens if you don't log into your computer for an extended period of time? After I learned to type (taking lots of notes does that to you), my typing ability and methods (and patterns/rhythms) had completely changed. That was in the course of a month. At the end of that time, I would have been locked out of my computer.

Re:Assuming you will always type the same way. (5, Funny)

Anonymous Coward | about a year ago | (#43048687)

On the plus side, however, this will lock you out if you try to write a drunken Facebook wall post to one of your exes...

Re:Assuming you will always type the same way. (-1)

Anonymous Coward | about a year ago | (#43048819)

Assuming you aren't constantly in that state...

Re:Assuming you will always type the same way. (3, Funny)

K. S. Kyosuke (729550) | about a year ago | (#43048951)

Alternatively, if you create your log-in profile while drunk, you'll have to use your computer in that state forever!

Re:Assuming you will always type the same way. (0)

Anonymous Coward | about a year ago | (#43048903)

Well, how often do people get a sprained wrist, or a smashed finger?
How often do people forget their password, or mistype it three times and now the system locks their account?
When normal things like that happen, there is a secure process to reset the authentication system.

Re:Assuming you will always type the same way. (3, Insightful)

kangsterizer (1698322) | about a year ago | (#43049103)

" Hopefully, there would be alternate authentication methods built in"

And then, I would question the security improvement of behavioral authentication. If I'm going to log in and I'm an attacker, I'll just use the alternate authentication then.

Reminds me of https://wellsoffice.wellsfargo.com/ceoportal/signon/loader.jsp [wellsfargo.com]

Re:Assuming you will always type the same way. (0)

Anonymous Coward | about a year ago | (#43049121)

If they can make an algorithm that detects who you are based on typing nuances, I bet they can make it adaptive too. Consider that without any 'what-if's I already type on five different keyboards daily - a phone with a keyboard, same phone with swype, a tablet with an on screen keyboard, a desktop ergonomic keyboard and my laptop keyboard. I think making it adaptive to all these situations will be critical and from there, adapting to my different 'moods' should be just a repeat of the same work.

Re:Assuming you will always type the same way. (1)

Anonymous Coward | about a year ago | (#43049285)

I don't type the same way when I am at the desktop, on the couch with the laptop used as a movie viewer, with the other netbook and its remapped cheapo German keyboard...
And a keylogger can log the timing too, look at the Unix command typescript and its options, it's trivial.

Re:Assuming you will always type the same way. (1)

mrmeval (662166) | about a year ago | (#43050839)

On the minus side as always "The problem with biometrics is keeping the body parts alive."

Now it means having to keep just enough alive it can act like the original.

IMPOSTOR DETECTED (-1, Troll)

Anonymous Coward | about a year ago | (#43048671)

BROKE MY CAPS LOCK KEY TROLLING SLASHDOT THREADS> NOW MY MACHINE THINKS I AM BREACHING SECURITY>

Patent pending (0)

Anonymous Coward | about a year ago | (#43048693)

Measure a user's reaction to pictures from 4chan.

Re:Patent pending (1)

Aaden42 (198257) | about a year ago | (#43048975)

So you're suggesting we run some sort of DNA biometric test based on the vomit that hits the keyboard?

Re:Patent pending (0)

Anonymous Coward | about a year ago | (#43051405)

Measure a user's reaction to pictures from 4chan.

That would be like the company officially endorsing child porn.

Fail out the gate! (5, Interesting)

SirAstral (1349985) | about a year ago | (#43048729)

I have experienced Behavior Biometric Denial of Services. Humans are just too erratic, imagine this.

Your front door is locked using this method. All of a sudden you are outside and a thug walks by making obvious threats and you start running inside to get away or get your gun and the door now locks your ass out.

You are using email services and you start looking for a job, and the sudden increase in email traffic and/or login presence causes your service to block your account temporarily because of behavioral changes. (This actually happened to me for a short time.)

I was in the middle of waiting for an actual offer letter when this occurred... very frustrating!

Re:Fail out the gate! (0)

Anonymous Coward | about a year ago | (#43048871)

For high-security apps this would be good for logging potential breaches.

Re:Fail out the gate! (1)

mbone (558574) | about a year ago | (#43049027)

I have this mental image that in the future some people will be discriminated against because they cannot resolve captchas. Maybe there will be a job for those who are more human than normal humans.

By the way, try imposing a sudden spurt of activity on your credit card. Likely you will find it blocked. That happens to me all of the time, so I can believe your emails were blocked as well.

Re:Fail out the gate! (0)

Anonymous Coward | about a year ago | (#43050531)

I have experienced Behavior Biometric Denial of Services. Humans are just too erratic, imagine this.

Try flowers and chocolate, perhaps some red wine...

And be sure to watch this: http://www.youtube.com/watch?v=yn3cHsHnUPM [youtube.com]

Re:Fail out the gate! (1)

manu0601 (2221348) | about a year ago | (#43051809)

All of a sudden you are outside and a thug walks by making obvious threats and you start running inside to get away or get your gun

It is amazing how guns are differently perceived among countries. This scenario is just science fiction for me.

Re:Fail out the gate! (1)

rHBa (976986) | about a year ago | (#43053373)

Same here luckily. Where I'm from it's also highly unlikely the assailant will have a gun.

Re:Fail out the gate! (1)

manu0601 (2221348) | about a year ago | (#43055155)

And if the assailant does have a gun, I prefer to give him my wallet rather than having a gun on my own to defend myself. Odds are high that I would be shot, and my wallet is not worth my life.

New authentication options (4, Funny)

sl4shd0rk (755837) | about a year ago | (#43048817)

1) SHA1 password
2) Enterprise LDAPS
3) Tourette's

Smells like an academic spinoff (4, Insightful)

c0d3g33k (102699) | about a year ago | (#43048823)

I've encountered lots of projects over the years that sound neat on paper and have enough meat to flesh out a thesis-sized research project, but don't quite have the universal applicability that translates to widespread practical (and financial) success in the real world.

Two problems jump right out at me:

1. Instead of having to remember a sequence of characters, a user now has to remember and replicate a set of obscure behavioral quirks. Or actually they don't, because it's supposed to be innate. But just as a signature isn't identical every time, the quirky typing won't be either, leading to possible authentication failures, unless the authentication method is forgiving enough to take this into account. ... which leads us to

2. It's open to mimicry, particularly if it's forgiving enough to account for natural variability. Authenticate enough times around an observant person with a knack for forgery and they can pick up on the patterns. A little bit of practice, and those rhythm and style quirks can be copied. Even easier if they can record video and/or audio with a mobile device.

If the mimicry is successful, it's a lot harder to learn a new set of unconscious quirks than to just memorize a new password.

Overall, the method seems academically interesting but not feasible in practice, except perhaps in a limited set of circumstances.

Re:Smells like an academic spinoff (5, Interesting)

mmelson (441923) | about a year ago | (#43048891)

This is not so much an authentication method as a heuristic used to decide whether or not to ask for additional credentials. It's exactly analogous to the way security questions work for online banking. If it recognizes you, there's a good chance you are who you say you are and your password is considered sufficient. But, if it doesn't recognize you, that isn't necessarily indicative of an impostor, just that it needs to ask for more information (in the form of a token, smartcard, security question, etc) before it can be confident you are who you say you are.

A "yes" from this is acceptance, but a "no" is not a complete rejection. It just makes you jump through an extra hoop or two.

Worked for us for millions of logins already (2)

raymorris (2726007) | about a year ago | (#43049671)

We've been tracking keystroke rhythm on Girls Gone Wild and some other popular sites for several years. Based on analysis of several million login attempts, it does work.

In that implementation, at least, the keyboard rhythm is one of SEVERAL factors that are considered. A sprained finger probably wouldn't keep you out, unless you were also a) far from home and b) using a different computer than you normally do. All three factors combined would make it seem likely that it was someone else trying to access your account. Just one factor alone wouldn't trigger anything.

It's actually a lot like how you recognize people in your offline life every day. For people you know, there are a dozen or so factors which let you quickly recognize one of your family members even from behind, and from a block away. For people you don't know, you can recognize suspicious people because your brain considers a few dozen factors, such as facial expression, body language, dress, anything they have in their hands, etc. You then respond to the combination of all of those factors. Most of the time, you can instantly distinguish between a robber entering a store and a normal customer. That's roughly how these systems can work, how Strongbox works - by considering keying rhythm as one of several factors, just as you can use hair style as one factor in recognizing your boss or your wife from across the room.

It will never be reliable enough... (3, Interesting)

stretch0611 (603238) | about a year ago | (#43048837)

What happens if I am sick? My mental acuity is not the same when my head is pounding with a headache... My reactions are slowed. Even if you can account for the difference in attentiveness between the start of the work day and the end, will you be able to recognize me when someone wakes me at 3am to troubleshoot?

Even without sickness and sleepiness, anything that can affect my mood can bring some minor changes to my typing habits. Even if they use cameras to measure eye movement, mood will be a factor. Think of how well you type (or how you would expect to) during major life changing events such as marriage/divorce/birth of children/death of parents. Can they even account for differences between days that you get promoted (or at least praised) compared to the day when your boss chews you out?

Then there are physical changes... Anything from a paper cut to carpal tunnel syndrome, or breaking a bone and getting a cast will seriously impact your typing.

Finally, what happens when your keyboard (or mouse) breaks and you need to get a new one. Even if it is the same model, a new one will generally have stiffer keys and buttons. You would be screwed if it had a different layout of keys or if it was a model of a different size. As for smart phones and tablets, what happens when you buy a new phone?

I'm sorry, I do not believe that this can be reliable enough. Even though I am somewhat impressed with Analytic software's ability to determine people's behaviour, that works on the masses with a margin of error; there will always be a few fringe cases that do not fit the mold; for authentication you need to be right, all the time, and I do not see that possibility.

Re:It will never be reliable enough... (4, Insightful)

mmelson (441923) | about a year ago | (#43048957)

I posted this before, but I'll summarize here:

If this matches, it's likely that you are who you say you are. If this doesn't match, it just asks for additional factors of authentication (security questions, smartcards, etc). It is not a replacement for any other form of authentication.

Re:It will never be reliable enough... (1)

Anonymous Coward | about a year ago | (#43049275)

Which lands us with some other form of authentication, since this one will not be relevant to an attacker. You just purposely fail it and get asked an easier question.

Re:It will never be reliable enough... (1)

mmelson (441923) | about a year ago | (#43049377)

Except that it's less about keeping the wrong people out and more about making it easier for the right people to get in. The masses don't like multi-factor authentication because, frankly, it's way more of a pain than just typing in a password. This sort of technology encourages adoption of more secure methods because, assuming it works well, Mr. Bank gets more security, and, because it is much more user friendly, they won't get a ton of calls from their users bitching about how much of a pain it is to log into their online banking site.

Re:It will never be reliable enough... (1)

camperdave (969942) | about a year ago | (#43050077)

Which lands us with some other form of authentication, since this one will not be relevant to an attacker. You just purposely fail it and get asked an easier question.

What makes you think the fallback questions will be easier?

Re:It will never be reliable enough... (0)

Anonymous Coward | about a year ago | (#43049061)

"What happens if I am sick? My mental acuity is not the same when my head is pounding with a headache... "
"...during major life changing events such as marriage/divorce/birth of children/death of parents..."
"...physical changes... Anything from a paper cut to carpal tunnel syndrome, or breaking a bone and getting a cast will seriously impact your typing."
"...your keyboard (or mouse) breaks and you need to get a new one. "

You might type your password three times incorrectly and be locked out of the system. You might forget your password.
Biometrics is as reliable as using your password.
This could be used in combination with a password for more robust identification.
For instance, if you type your password at a different rhythm, it might prompt you to use your three security questions/answers to confirm it is you.

Re:It will never be reliable enough... (1)

whois (27479) | about a year ago | (#43049205)

It doesn't need to be reliable enough to work 100%. At a certain accuracy level it could be enough to trigger secondary authentication.

I tend to walk away from my computer at work for trivial reasons, and I don't always lock the screen. So I started thinking about this a few years ago. I was thinking Bluetooth triangulation might be good, but that could be defeated by leaving your keys on your desk or a few other means. So I thought, "what if the computer could detect my keyboard rhythm to a certain level of confidence and lock the screen if it didn't think it was me?"

Couple this with webcams and other things and you would have a pretty reliable method to stop casual snoopers and pranksters.

So how about this:

if Rhythm doesn't match:
    Checks for proximity of bluetooth device
    Turns on webcam to check for basic similarities
    checks other computers you manage to see if you're actively using one of those

finally:
    locks the screen

Re:It will never be reliable enough... (1)

dpidcoe (2606549) | about a year ago | (#43049257)

This kind of monitoring would be terrible to rely on for actual authentication. However, it could be very useful for things like displaying the %match of typing patterns of the person you think you're talking to via IM (a particular bash.org quote comes to mind). Just sending a notification somewhere to say that behavioral patterns suddenly don't match anymore and a real person should go check it out.

The key is using it not as an authoritative authentication measure, but as additional information that can be analyzed alongside other information in order to get a more accurate version of what's actually happening.

Re:What happens if you are sick? (1)

transporter_ii (986545) | about a year ago | (#43049261)

What if you don't know you are sick and this detects it? An interesting way for Microsoft or Apple to monetize this would be to patent an Alzheimer's detection algorithm...quickly.

About time (4, Informative)

edcheevy (1160545) | about a year ago | (#43048939)

Bryan & Harter (1899) noticed telegraph operators could identify one another through rhythm and style, nice to see someone finally apply that! :-)

http://psycnet.apa.org/journals/rev/6/4/345/ [apa.org]

Re:About time (0)

Anonymous Coward | about a year ago | (#43049299)

This (detecting users from personal typing quirks) isn't new. It has been repeatedly proposed as an extra security layer since at least the 90s and probably before that. I even did some research (read: hacking) in the area myself with reasonable results.
But it's always just an extra security layer - while it could e.g. be used to detect intruders or authorized users under pressure for high security systems, the error margin on a reasonable amount of typing is simply too high for other use. So yes, it works as a tripwire in high security systems but nothing else. IMHO, YMMV.

Megol

Re:About time (2)

lurker1997 (2005954) | about a year ago | (#43050677)

This is what I came here to see or post. I like to read spy novels from the 60s-80s. Within the last year I read one (no idea now which one, maybe something by Frederick Forsyth) with this used as a plot device. Something about operators trained to purposefully change from their usual rhythm to indicate duress I think.

Prior art (2)

sanchom (1681398) | about a year ago | (#43048967)

Rick Joyce and Gopal Gupta - Identity Authentication Based on Keystroke Latencies [pace.edu] , 1990

F Monrose, A Rubin - Authentication via Keystroke Dynamics [ucdavis.edu] , 1997

Arkady G. Zilberman - US Patent 6442692: Security method and apparatus employing authentication by keystroke dynamics [google.com] , 1998 (I think some of the claims in this patent could be invalidated because of previous disclosure in the 1990 and 1997 papers)

An old idea (2)

mbone (558574) | about a year ago | (#43048979)

Back in the Morse code days, people used to ID senders through their keying style. This was fairly routinely used (and abused) in the military - for example, when the Japanese Navy went to attack Pearl Harbor, the normal radio operators were kept behind and sent messages from (IIRC) the Kuril Islands, in case the US was tracking them as belonging to the carriers (which I don't believe we were).

Re:An old idea (2)

DutchUncle (826473) | about a year ago | (#43049199)

The idea of ID by keyboard style was used in science fiction in the '60s and '70s by multiple authors. Heinlein, "The Moon is a Harsh Mistress"? When I tried googling, though, I found descriptions from 2012, 2010, 2009, 2003, and 1989.

See also the important pause between spoken words in Rudyard Kipling's "The Great Game".

Re:An old idea (1)

camperdave (969942) | about a year ago | (#43050163)

The idea of ID by keyboard style was used in science fiction in the '60s and '70s by multiple authors. Heinlein, "The Moon is a Harsh Mistress"? When I tried googling, though, I found descriptions from 2012, 2010, 2009, 2003, and 1989. See also the important pause between spoken words in Rudyard Kipling's "The Great Game".

How about Tron's "It felt like Flynn"?

Aside: They really need to make "The Moon is a Harsh Mistress" into a movie, or a mini-series.

[Detects one-handed lingerie browsing] (3, Funny)

GodfatherofSoul (174979) | about a year ago | (#43049013)

My Laptop: "Yep, that's him..."

Military intel used to do this to radio operators (1)

Nimey (114278) | about a year ago | (#43049055)

With enough analysis, military intelligence could tell exactly which enemy radio operator was banging out Morse code into their radio, based on things like rhythm, speed, and how hard the key was struck. They call this metric the R/T operator's "fist".

Re:Military intel used to do this to radio operato (1)

Gordonjcp (186804) | about a year ago | (#43050497)

Exactly. Even if you're not very good at sending or receiving Morse, you will have a distinctive "fist" - just as distinctive as your handwriting or the sound of your voice. As you get better, your speed and accuracy will improve but your fist will sound just the same.

Machine-sent Morse is as weirdly unintelligible as synthesized speech, and for much the same reason - the inflections are missing or wrong.

That's not a new technique (1)

maxwell demon (590494) | about a year ago | (#43049089)

This method had been on the market at least since 2007: https://de.wikipedia.org/wiki/Psylock [wikipedia.org] (German Wikipedia; there's apparently no English version of that page)

and Strongbox has been doing this for about that long (1)

raymorris (2726007) | about a year ago | (#43049567)

Also Strongbox, the security system used by sites like GirlsGoneWild, has had this for years.
In that implementation, at least, the keyboard rhythm is one of SEVERAL factors that are considered. A sprained finger probably wouldn't keep you out, unless you were also a) far from home and b) using a different computer than you normally do. All three factors combined would make it seem likely that it was someone else trying to access your account. Just one factor alone wouldn't trigger anything.

Re:and Strongbox has been doing this for about that l (1)

maxwell demon (590494) | about a year ago | (#43049803)

Of course a) and b) are strongly correlated. If I'm at home, I usually use my desktop computer; if I'm far away from home, I'll certainly not use that; I'll typically use my laptop. Now if I type differently on my laptop than on my desktop (not unlikely, since the keyboard is noticeably different), that means I would not be able to get into a Strongbox site when abroad.

Happy surprise. Like your wife's haircut. (1)

raymorris (2726007) | about a year ago | (#43050099)

Now if I type differently on my laptop than on my desktop (not unlikely, since the keyboard is noticeably different)

That was one of the very first things I wanted to test, in the proof-of-concept stage. I asked someone who normally uses a laptop to instead use MY desktop keyboard. So they were going from their familiar laptop to an unfamiliar desktop keyboard. I was glad to see that with the elements we were measuring, it still looked like the same person - even on a totally different type of keyboard.

Understand this is similar to using hair (style and color) as factors in recognizing someone you know. If you see someone from the back who SAYS they are your wife, and their hair is the same COLOR as your wife's, and the same LENGTH as your wife's, and the same STYLE as your wife, and they are the same HEIGHT as your wife, and the same BODY TYPE, and have the same pitch VOICE, you can recognize that's probably your wife. A stranger is not likely to fool you.

Going the other way, when your wife gets a hair cut, you still recognize her versus an imposter. You may even still be able to detect an intruder even by the hair still, as their hair is likely a different length and more or less curly, etc. A different keyboard, in the worst case, is like a new haircut - it only changes part of the rhythm, and the keying rhythm is only part of the recognition.

Re:Happy surprise. Like your wife's haircut. (1)

maxwell demon (590494) | about a year ago | (#43050941)

What about different keyboard layouts (e.g. someone normally using Dvorak using a Qwerty keyboard on another computer)?

Great question (1)

raymorris (2726007) | about a year ago | (#43052863)

That's a good question and one I'll have to test. Based on other tests, I'm fairly sure that a Dvorak user who is on a qwerty would be recognized - everyone is familiar enough with qwerty, so their fingers would still tap keys in a similar way. On the other hand, a trained qwerty TYPIST suddenly using dvorak would have that indicator show up as "possible difference". That's because they'd have to switch from typing to hunt-and-peck. Still, that's analogous to your wife getting a totally new hairstyle - you'd notice the difference, but probably not mistake her for an intruder.

Advertisers (0)

Anonymous Coward | about a year ago | (#43049135)

In the video, he mentioned his hope to have a centralized authentication service that third parties access. As someone who works in the online ad industry, I really hope that some regulatory body will lay out some legal framework to prevent abuse.

What video? (0)

Anonymous Coward | about a year ago | (#43049153)

As always, Slashdot is a decade behind in technology and still tries to use Flash to display video.

Re:What video? (0)

Anonymous Coward | about a year ago | (#43049485)

As always, Slashdot is a decade behind in technology and still tries to use Flash to display video.

and they have fscked up the video URL too, so it can't be shared on twitter or email

"http://NO.JAVASCRIPT#ooid=YyNm1yOTqlxfwTNwfKmPqj3iBtXkXZUY"

wtf??

I broke my arm (1)

EmagGeek (574360) | about a year ago | (#43049231)

What do I do now?

Tracking (2)

RenHoek (101570) | about a year ago | (#43049369)

This technique is quite old, but it's not the typing you should be focusing on, but more general computer usage. Think like an Intrusion Detection System, anything that would constitute abnormal behavior. Example:

Mar 1 18:05:57 localhost - User started web browser application
Mar 1 18:06:12 localhost - User opened 17 tabs to various porn sites
Mar 1 18:08:20 localhost - User closed browser
Mar 1 18:08:24 localhost - Microphone picking up sobbing noises
Mar 1 18:08:26 localhost - User identity verified.

Re:Tracking (0)

Anonymous Coward | about a year ago | (#43049571)

Eight seconds. That's fast! Sobbing should be expected.

Wait until malware coders get hold of this... (1)

Anonymous Coward | about a year ago | (#43049379)

Future security awareness advice: "If you type without rhythm, then you won't attract a worm..."

And then... (0)

Anonymous Coward | about a year ago | (#43049511)

You have a mini stroke. Tada!

Luleå is not in Lappland (0)

Anonymous Coward | about a year ago | (#43049527)

Sorry folks, it's in Norrbotten.

My credit union has had this for several years (1)

SuseLover (996311) | about a year ago | (#43049871)

I went through this at Forum credit union when I signed up for and activated my online account there. I had to go through a "training" exercise by entering my password 5 times until the system was satisfied it found my "pattern" of cadence & rhythm of typing.

It has only failed to log me in a couple times over the years and all it does is make you answer your security q's when it fails.
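An added example, not part of the thread and not BehavioSec's, Strongbox's or any credit union's code: a sketch of the scheme the comments above describe, with enrollment from five typings of the password, a rhythm score, and a fall back to extra questions instead of a lockout when the rhythm or other factors look unusual. The scaled Manhattan distance, the 2.5 threshold, the function names and every timing value are assumptions chosen for illustration.

```python
from statistics import mean

PASSWORD = "hunter2"  # constructed; a real system verifies a password hash instead
BASE_DWELL = [95, 80, 110, 70, 90, 85, 100]   # ms each key is held (constructed)
BASE_FLIGHT = [120, 60, 150, 90, 200, 75]     # ms from key release to next press


def make_sample(text, dwell, flight):
    """Build (key, press_ms, release_ms) events from dwell and flight times."""
    events, t = [], 0
    for i, ch in enumerate(text):
        events.append((ch, t, t + dwell[i]))
        if i < len(flight):
            t += dwell[i] + flight[i]
    return events


def jittered(sample_no):
    """Constructed sample: the base rhythm plus reproducible +/-15 ms jitter."""
    def jitter(i):
        return 3 * (((7 * sample_no + 3 * i) % 11) - 5)
    dwell = [d + jitter(i) for i, d in enumerate(BASE_DWELL)]
    flight = [f + jitter(i + len(dwell)) for i, f in enumerate(BASE_FLIGHT)]
    return make_sample(PASSWORD, dwell, flight)


def features(events):
    """Dwell time per key, followed by flight time between consecutive keys."""
    dwell = [release - press for _, press, release in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight


def enroll(samples, floor_ms=5.0):
    """Template = per-feature (mean, mean absolute deviation) over the samples."""
    vectors = [features(s) for s in samples]
    if len({len(v) for v in vectors}) != 1:
        raise ValueError("enrollment samples must all have the same length")
    template = []
    for column in zip(*vectors):
        mu = mean(column)
        mad = mean(abs(x - mu) for x in column)
        # The floor keeps an unusually steady feature from dominating the score.
        template.append((mu, max(mad, floor_ms)))
    return template


def rhythm_distance(template, events):
    """Scaled Manhattan distance: average deviation in units of the user's own spread."""
    vec = features(events)
    if len(vec) != len(template):
        return float("inf")
    return mean(abs(x - mu) / mad for x, (mu, mad) in zip(vec, template))


def decide(template, events, known_device, usual_location,
           threshold=2.5, min_anomalies=1):
    """Return ACCEPT, STEP_UP (ask security questions, token, ...) or DENY.

    A rhythm mismatch never denies access on its own; it only counts as one
    anomaly. min_anomalies=1 steps up on any single anomaly, min_anomalies=3
    only when rhythm, device and location are all unusual at once.
    """
    typed = "".join(key for key, _, _ in events)
    if typed != PASSWORD:          # stand-in for the normal password check
        return "DENY"
    anomalies = [
        rhythm_distance(template, events) > threshold,
        not known_device,
        not usual_location,
    ]
    return "STEP_UP" if sum(anomalies) >= min_anomalies else "ACCEPT"


# Enrollment: the user types the password five times (constructed samples 0-4).
TEMPLATE = enroll([jittered(n) for n in range(5)])

GENUINE = jittered(5)                                   # a later, normal login
SLOW = make_sample(PASSWORD,                            # e.g. an injured wrist
                   [round(d * 1.6) for d in BASE_DWELL],
                   [f * 2 for f in BASE_FLIGHT])
WRONG = make_sample("hunter3", BASE_DWELL, BASE_FLIGHT)

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("slow", SLOW), ("wrong", WRONG)):
        print(name, round(rhythm_distance(TEMPLATE, sample), 2),
              decide(TEMPLATE, sample, known_device=True, usual_location=True))
```

The slow sample has the right password and comes from the usual device and place, so it is sent to the extra questions rather than rejected; only the wrong password is denied outright.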

Just upgraded my keylogger (0)

Anonymous Coward | about a year ago | (#43050191)

To record the time between keystrokes. Thanks guys!

And when you buy a new keyboard? (0)

Anonymous Coward | about a year ago | (#43051239)

At work last month, the programmers were forced to get rid of our das keyboards because of complaints from the noise. The company bought us the new Dell model KB212 keyboards. If you type fast, it drops about 20% of the key presses. Our Dell salesrep told us the keyboard was designed to require a "firm and deliberate" key press. Most of the reviews on dell.com of the keyboard mentioned the dropped key presses. The sounds I hear now from my coworkers are much slower typing with pauses to read what is on the screen to check for dropped key presses. With this sort of system, going from a decent keyboard to a Dell one would break authentication.

Re:And when you buy a new keyboard? (0)

Anonymous Coward | about a year ago | (#43051533)

Is this the one:

http://accessories.dell.com/sna/productdetail.aspx?c=us&l=en&s=gen&sku=331-2249

We moved all of that Dell model to the non touch typists because they're noisy due to the loose key caps. Also, I got tired of hearing people whine about missed key presses. If you're the type of person that types with only two fingers, the keyboard is only mildly annoying rather than unusable.

old tech, and not that useful (1)

stenvar (2789879) | about a year ago | (#43052331)

This is decades old technology, and there's a reason it hasn't caught on: it has potentially high false negatives and high false positives.

Behavioral measures are useful for forensics, but they are not useful for authentication.

...good for surveillance bad for authentication (1)

LeifOfLiberty (2812101) | about a year ago | (#43052759)

Biometrics are good for surveillance but not for authentication. A good authentication method supports revocation of an identification key, such as would be needed in the event of its compromise. It should not be trusted as a factor in authentication either, for the same reason. Great for theater though I suppose. Article about it here growingliberty.com/thumbs-down-for-fingerprint-identification [growingliberty.com]

Reliability is the issue with playful artificial k (1)

John Allsup (987) | about a year ago | (#43053191)

I devised a JavaScript kitten doing just this using mouse and key events perturbing a feedback loop just on the cusp of chaos and with at least three attractor patterns. You then sample a fingerprint from the loop state. It's great when reliability isn't required. But non human recognisers are unfortunately prone to making silly errors.

Lappland? (1)

Porchroof (726270) | about a year ago | (#43053477)

I've never heard of Lappland, but I have heard of Lapland.

behavior is unreliable (1)

l3v1 (787564) | about a year ago | (#43053583)

People do not behave consistently in all situations, all occasions, all times of the day, and so on and so forth. I've seen works like typing and whatever-biometric+behavior based authentication attempts at conferences before, problem is, the false alarm rate is always unacceptably high. You're sitting in front of the machine, an e-mail arrives that makes you frustrated or angry and boom, most of your typing patterns will change. You're tired, or playing, or IMing different people, or coding or just browsing, your kid comes around for a bit, your cat jumps in your lap, and if you take a bit of care you'll notice almost all these activities come with at least a slightly different typing and/or behavioral style. And there's no way you can reliably learn to associate those very varying styles to the same person, since in the end, if you look long enough, everyone will just look the same. Well, I wish them good luck with this, but I'm fairly sure I'm never going to use such a thing, since I'm simply not into masochism that much.

Dogwalker (1)

swilde23 (874551) | about a year ago | (#43054277)

Great Raspberry Pi application (0)

Anonymous Coward | about a year ago | (#43054585)

Hook this system into a Raspberry Pi and ... you can wave your arm to authenticate yourself to deactivate the screen saver and keep the automatic lights from turning off at the same time!
