Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Users Identified Through Typing, Mouse Movements

Soulskill posted about a year ago | from the this-guy-always-whacks-his-space-bar-really-hard dept.

Input Devices 149

mask.of.sanity writes "Users can be identified with a half percent margin of error based on the way they type. The research work has been spun into an application that could continuously authenticate users (PDF), rather than just relying on passwords, and could lock accounts if another person jumped on the computer. Researchers are now integrating mouse movements and clicks, and mobile touch patterns into the work."

Sorry! There are no comments related to the filter you selected.

Harry Reid (-1)

Anonymous Coward | about a year ago | (#45490193)

Every time Harry Reid does anything, we keep hearing these rumors that he is a insatiable pederast and murderer nicknamed the 'Searchlight Strangler' and that he's on the mob payroll. And he never denies it. What should we think?

Re:Harry Reid (0)

Reverand Dave (1959652) | about a year ago | (#45491725)

You're confusing him with Glenn Beck.

There goes the neighbourhood. (5, Funny)

six025 (714064) | about a year ago | (#45490195)

So that means no more posting on Slashdot while drunk?

Not sure If this post is funny or insightful ;-)

Re: There goes the neighbourhood. (2, Insightful)

Anonymous Coward | about a year ago | (#45490331)

I'm guessing my typing and mouse useage habits change significantly when I get pissed off from being locked out of a system by a security method I can't directly control.

Using the mouse and keyboard as high velocity projectiles, cords streaming out behind them as they fly across the cube farm and impact the managers face that implemented such an idiotic authentication scheme come to mind. Authenticate this bitches!

Re: There goes the neighbourhood. (2)

TWX (665546) | about a year ago | (#45490485)

Well, being angry is certainly one thing that may matter, but having multiple devices is another.

I'm typing this on a Sun Type 6 USB keyboard. Next to me is one of those early full-size clear Apple USB keyboards. At home I use a Gateway 2000 "Anykey" keyboard on my desktop, and the integrated keyboard in my laptop when using that machine. I use a Kensington Expert Mouse trackball at home on the desktop, the integrated touchpad on the laptop as well as an external Logitech mouse, a Kensington Orbit Optical trackball on one computer, and a Microsoft Intellimouse on another computer.

I expect that my mouse movements and typing styles vary from computer to computer. If the point of an authentication scheme using this sort of method is to be global, I'd end up with either lockouts or with multiple profiles, requiring updating every time I use different equipment. Right now we're up to four without even going into other computers I have casual use of, and I can only see that going up over time.

not a problem. Tall white guy w long blonde hair (2)

raymorris (2726007) | about a year ago | (#45491311)

Different devices really aren't a problem. It's a lot like recognizing your family members while they are wearing different outfits. A twenty-something black lady, pregnant, with medium length braids sitting in my couch is probably my wife. Without my glasses my vision is 20/100 but I could almost always distinguish an intruder vs. my wife. Most likely, an intruder would look nothing at all like my wife.

  That's a good analogy for how we use this type of technology in Strongbox. We start with the fact that they claim to be John or whoever the account holder is. We don't have to identify who they are, just whether or not they look like John. Certain characteristics of his typing style are pretty consistent across different keyboards. We combine that with location, browser choice, etc. to see if the person claiming to be John probably is actually John or not.

Re:not a problem. Tall white guy w long blonde hai (0)

Anonymous Coward | about a year ago | (#45491501)

Until John is sick or injured, and then you compound his woes by locking him out.

No. Been sick, been injured, not been locked out (3, Informative)

raymorris (2726007) | about a year ago | (#45491831)

If you hadn't tried it, you'd think that might be a problem. In fact, it's not.

I've been sick, I've been injured. My COO has been sick a lot. We log in to systems using Strongbox maybe four times per day.
Four times per day times about 400 days = 1600 logins for each of us. We haven't been locked out based on keyboard and mouse yet. Looking at millions of user logins, the keyboard and mouse indicators closely track the other indicators we use. By that, I mean if the real user scores 41-52-07 and they are in the US, when see a log in attempt with a score of 24-92-18 that attempt will come from China.

Re:not a problem. Tall white guy w long blonde hai (1)

jonbryce (703250) | about a year ago | (#45491649)

But my typing pattern is surely very different if I am typing on an IBM Model M keyboard, or on the on-screen keyboard on my iPad, just like your wife's walking pattern is probably very different if she is walking in 6" stilletos, or in a pair of trainers.

Re:not a problem. Tall white guy w long blonde hai (1)

Reverand Dave (1959652) | about a year ago | (#45491805)

The point being that there will still be identifying characteristics that will span all walking styles of regardless of shoe type. Meaning someone that always types hte instead of the will do it no matter which keyboard they are tying on. A person that uses the hunt and peck will do it no matter which keyboard they are using.

Re:not a problem. Tall white guy w long blonde hai (1)

mjr167 (2477430) | about a year ago | (#45492255)

What if I'm eating my lunch and only typing with one hand?

Re:not a problem. Tall white guy w long blonde hai (1)

Em Adespoton (792954) | about a year ago | (#45492745)

What if I'm eating my lunch and only typing with one hand?

Then this is probably something you do regularly.

The thing that gets me though is, how does this deal with network lag? If you're doing remote login, it'll add all sorts of interference based on how responsive the connection is. Thus, if I went on a business trip to China and attempted to log in, would the system still recognize me as me?

Mouse use really is a very personal thing though; people tend to do very different things with their mice while typing.

Think of this not as a way of identifying an individual, but of screening out those who are obviously NOT that individual. This problem is _much_ easier to solve.

Re:not a problem. Tall white guy w long blonde hai (1)

parkinglot777 (2563877) | about a year ago | (#45492209)

I am not so sure about consistency of typing style across every keyboard. Some keyboards buttons are bounced nicely and that made me feel like typing faster. Some aren't that great and frustrated me which in turn slows me down or causes stop-and-go effect on my typing style. Also, different keyboard layout affects the way I type because I need to adjust my fingers (especially my right pinky) to reach certain button/character. I also like to use num-pad to enter numbers rather than the number button on the top row (and most laptops don't have the num-pad). Recently, I bought a new keyboard and the 'Enter' button shape is different from the old one plus the backslash button is moved 1 row down (right in front of the 'Enter' button). As a result, I kept hitting backslash button instead of the 'Enter' even though I am trying to be more careful.

Even though one could have similar typing style, I doubt that it is always the same on every keyboard. If this authentication system can detect that, it is great; otherwise, it could be a big failure instead.

Re: There goes the neighbourhood. (1)

Jeff Flanagan (2981883) | about a year ago | (#45491507)

Well, that's one way to get rid of employees with anger-management problems.

Re:There goes the neighbourhood. (4, Interesting)

king neckbeard (1801738) | about a year ago | (#45490397)

This would probably be a far more useful application of it. Say that you have a tendency to drunkenly dial/text a certain subset of people. If your phone detects that you are drunk, it prevents you from dialing those numbers and embarrassing yourself.

Re:There goes the neighbourhood. (0)

Anonymous Coward | about a year ago | (#45490453)

Actually those kinds of identification, if done right, are quite robust to drunkeness, since they just take into account the ordering between the times for keystokes tuples, not the actual times. I wrote my diploma thesis on the topic (regenerating the dynamics for the password from other text the user types) and just had to try it back then ;-)

Re:There goes the neighbourhood. (0)

Anonymous Coward | about a year ago | (#45492271)

Bonus less texts from your nana with dementia.

Re: There goes the neighbourhood. (1)

Anonymous Coward | about a year ago | (#45490549)

I am hoping that this technology can be used to curb the moron in the next cube here. He is borderline obsessive-compulsive, and hammers his semi-clicky keyboard in a way analogous to machine gun burst. He also has apparently never heard of enhanced document formatting, so the bursts if actual typing are punctuated by the sporatic rattle of the spacebar.

Hopefully for the security and continued survival of this business, some new feature will soon completely lock him out of the computer.

Re: There goes the neighbourhood. (1)

Stewie241 (1035724) | about a year ago | (#45492911)

Nah it will just mean that he won't be able to change that entertaining habit or he'll get locked out of his workstation.

Re: There goes the neighbourhood. (1)

beaverdownunder (1822050) | about a year ago | (#45490573)

This has been tried before and the frailty to the model (now as in the past) is people are not consistent.

We change. Some of us change several times each day, not schizophrenia-like but still distinctly. But not necessarily consistently.

Not a great authentication method. Sorry kids.

Re:There goes the neighbourhood. (1)

mrhippo3 (2747859) | about a year ago | (#45490879)

And this is a "surprising" result because...? Of course you develop patterns based on how "fast" you type. As a "some fingers" typist, my timing between key presses probably does not vary too much. It is easy to see how the time difference between key presses (based on the prior and following characters) and even some words can be predicted with a reasonable degree of accuracy. Thinking of these patterns like the "stripes" on a DNA scan you can easily do a pattern match to uniquely identify which set of keystrokes "belong" to you. This does not sound like rocket science as it is pure observation.
The technology is probably similar to the type of motion analysis done with most sports. As a committed cyclist, there are a number of tools to measure your pedal stroke (power, speed, position). Again, you can easily do a pattern match. Muscle memory is visible when plotted.
My only surprise is that it has taken so long for this non-astounding discovery.

Re:There goes the neighbourhood. (2)

Hognoxious (631665) | about a year ago | (#45492953)

In WW2 British radio interception staff could recognise individual telegraphists by the rhythm of their dits and dahs - a Morse accent if you like.

Since some reused their encryption settings this was a help to the codebreakers.

Re:There goes the neighbourhood. (0)

Anonymous Coward | about a year ago | (#45490903)

i just can't wait till my phone locks me out because I'm tryint not to spill sweet and sour on it. and using my thumb to enter the pin

Re:There goes the neighbourhood. (0)

Anonymous Coward | about a year ago | (#45491151)

No need to worry about that. Slashdot's new registration policy will be a week long, and involve being under the influence of at least half a dozen legal and illegal substances.

Re:There goes the neighbourhood. (0)

Anonymous Coward | about a year ago | (#45491659)

Also, no more one-handed typing. Unless you do it all the time, of course.

Re:There goes the neighbourhood. (0)

Anonymous Coward | about a year ago | (#45491703)

or after injury or before taking pain meds for carpal tunnel :-/

tough luck when... (3, Interesting)

harvey the nerd (582806) | about a year ago | (#45490223)

...your hand gets caught in the car door and your cash/food/alcohol supply shuts down for 3 weeks.

Well.. (0)

Anonymous Coward | about a year ago | (#45490227)

I see no possible downside to this technology. *rolls eyes*

Re:Well.. (5, Funny)

DeathToBill (601486) | about a year ago | (#45490377)

You shouldn't roll your eyes if you want to remain anonymous. Research shows that eye rolling is highly individual and we can use your webcam to track your eye movements and identify you.

Re:Well.. (1)

roman_mir (125474) | about a year ago | (#45491285)

Not everybody has eye sockets and not all those who have them have eyes, you insensitive clod!

Re:Well.. (1)

bob_super (3391281) | about a year ago | (#45492261)

Is that feature in the initial release of the XBone, or in the updates?

What about when there's a gun at my head? (0)

Anonymous Coward | about a year ago | (#45490231)

Would my typing and mouse movements change when the perp puts a gun to my head and tells me to log into my bank account?

Re:What about when there's a gun at my head? (2)

Shavano (2541114) | about a year ago | (#45490367)

"OK, now what account do you want me to transfer that money to?"

There's a reason criminals prefer cash.

Re:What about when there's a gun at my head? (1)

fluffythedestroyer (2586259) | about a year ago | (#45490503)

Watch us next week on "America's Dumbest Criminal" as a perpetrator gives his personal bank information to his victim. Tonight at 20pm on Fox.

Re:What about when there's a gun at my head? (2)

DeathToBill (601486) | about a year ago | (#45490385)

I dunno, let's try it! Imagine I'm putting a gun to your head, then transfer all your money to my bank account.

Not that useful.. (1)

popoutman (189497) | about a year ago | (#45490233)

Yep, sounds like a great idea in theory. What happens when I'm trying to work through a migraine? That definitely changes my computer use patterns and mouse usage characteristics.

May apply more to the usage of mobile smartphones to prevent being fraped these days.

Re:Not that useful.. (0)

Anonymous Coward | about a year ago | (#45490523)

either that or some troll comes along and smacks your keyboard

Re:Not that useful.. (2)

somersault (912633) | about a year ago | (#45490615)

I don't really get the hate for this stuff.. if you experience an unusual situation where it locks you out, I'm assuming there would be a way to type in your password, and possibly disable the system for the rest of the day.

I think it sounds like a pretty cool feature for very security conscious users/businesses. I tend to lock my machine manually when I leave my desk, but sometimes I forget. I do have a screensaver which locks the screen, but there is an exploitable window there. Since I'm an admin, anyone with access to my machine can access anything they want on our network. Even if I used an unprivileged network account by default, what if I had a privileged remote desktop window open and suddenly got called away from my desk on an urgent matter?

To be fair if someone has physical access to your office, and really wants access to your machine, they will find a way - but this system stops opportunists at least.

Re:Not that useful.. (1)

Stormy Dragon (800799) | about a year ago | (#45490897)

I'm assuming there would be a way to type in your password, and possibly disable the system for the rest of the day.

Wouldn't anyone trying to break in just do that then? So what good is it for security?

Re:Not that useful.. (1)

Fwipp (1473271) | about a year ago | (#45490983)

If they already know your password...

From TFS: "The research work has been spun into an application that could continuously authenticate users (PDF), rather than just relying on passwords, and could lock accounts if another person jumped on the computer."

So, not for initial authentication, but if you forgot to lock your computer.

Re:Not that useful.. (1)

Em Adespoton (792954) | about a year ago | (#45492897)

I don't really get the hate for this stuff.. if you experience an unusual situation where it locks you out, I'm assuming there would be a way to type in your password, and possibly disable the system for the rest of the day.

I think it sounds like a pretty cool feature for very security conscious users/businesses. I tend to lock my machine manually when I leave my desk, but sometimes I forget. I do have a screensaver which locks the screen, but there is an exploitable window there. Since I'm an admin, anyone with access to my machine can access anything they want on our network. Even if I used an unprivileged network account by default, what if I had a privileged remote desktop window open and suddenly got called away from my desk on an urgent matter?

To be fair if someone has physical access to your office, and really wants access to your machine, they will find a way - but this system stops opportunists at least.

1) if there's an override, then anything other than casual use by someone else will not be prevented.
2) you're right about screen locking; I've been trying to figure out for years why there are so few bluetooth pairing apps for auto screen locking available. This is something that should be part of every OS in 2013.
3) If you're an admin, you should know that your machine should not be the keys to the network -- sure, given enough time, someone with full access to your machine might be able to gain some access to the network, but as the admin, you shouldn't be caching all your passwords, you should be using another authentication technique (smart card, paired phone, etc.) or at least have to enter in the master key for your password manager each time you want to retrieve a unique password for use (this assumes you have the standard 5 to 7 you use regularly memorized).

One question I have about this system... how long does it take to kick in? There are many activities that it doesn't take very many mouse/keystrokes to initiate, especially if the situation is opportunistic and the sensitive remote desktop is already logged in.

OK... this turned into more of a rant as to why known good security mechanisms that are available aren't implemented by default, but still....

Ha! (1)

ifiwereasculptor (1870574) | about a year ago | (#45490249)

7|-|3Y \/\/||_|_ |\|3\/3|2 (/\7(|-| /\/\3 /\|_|\/3

There. Identify me now, bastards.

Re:Ha! (1)

clickclickdrone (964164) | about a year ago | (#45490305)

>There. Identify me now, bastards.
Hi Dave!

Re:Ha! (2)

wonkey_monkey (2592601) | about a year ago | (#45490379)

Dave's not here man.

Re:Ha! (1)

Sponge Bath (413667) | about a year ago | (#45490813)

I can't do that Dave.

Re:Ha! (0)

Anonymous Coward | about a year ago | (#45490511)

Login accepted, Natalie.

Re:Ha! (2)

yagu (721525) | about a year ago | (#45490541)

I'm guessing THEY WILL (/\7(|-| YOU ALIVE!

A half percent? (0)

Anonymous Coward | about a year ago | (#45490257)

That's a pretty large margin of error, considering how often people type.

yawn (1)

mhoenicka (1035832) | about a year ago | (#45490259)

Our university campus has been using typing patterns as an optional way of user authentication for years. They are currently phasing this out as it seems to be too insecure.

Re:yawn (1)

fluffythedestroyer (2586259) | about a year ago | (#45490517)

insecure ? Care to give us info...thats interesting

Re:yawn (1)

mhoenicka (1035832) | about a year ago | (#45491719)

Here's the link, assuming that your German is better than my English: http://old.sicherheit-online.org/Aktuelle-Themen/Psylock-geknackt-biometrischer-Schutz-ausgetrickst.html [sicherheit-online.org] In a nutshell, they used a keylogger together with a *programmable keyboard* to record typing behaviour. They claim that recording could be triggered remotely, e.g. by some manipulated mail. This is admittedly not a generally applicable strategy to break any account, but on a campus with shared computers it is not too far-fetched to rig something along these lines. I looked a little closer why the university switched to an SMS-based authentication system: the company that developed the keyboard authentication software went bust. Go figure.

News.. (5, Informative)

Nimatek (1836530) | about a year ago | (#45490261)

How exactly is that new? https://www.keytrac.net/ [keytrac.net] http://www.intensityanalytics.com/ [intensityanalytics.com] http://www.idcontrol.com/keystrokeid [idcontrol.com] And there is like half a dozen more.

Re:News.. (0)

Anonymous Coward | about a year ago | (#45490555)

This is why beta /. banner reads "Same old $#![ for nerds, stuff that mattered."

Re:News.. (2)

Registered Coward v2 (447531) | about a year ago | (#45491139)

How exactly is that new? https://www.keytrac.net/ [keytrac.net] http://www.intensityanalytics.com/ [intensityanalytics.com] http://www.idcontrol.com/keystrokeid [idcontrol.com] And there is like half a dozen more.

More to the point, telegraph operators and hams have recognized "fists" for quite some time; so at least there is prior art.

Re:News.. (1)

Anonymous Coward | about a year ago | (#45492679)

In the early 1970s I was able to write a program that could identify who was typing with high accuracy on a KSR-33 teletype machine!

I've heard this before (1)

jones_supa (887896) | about a year ago | (#45490267)

This is one of those topics which pops up about once a year in Slashdot.

Re:I've heard this before (0)

Anonymous Coward | about a year ago | (#45490315)

Here's one from 2010 [slashdot.org]

Re:I've heard this before (5, Informative)

jones_supa (887896) | about a year ago | (#45490607)

Re:I've heard this before (4, Funny)

PPH (736903) | about a year ago | (#45492655)

Duplicate article detected: Slashdot editor authenticated.

Margin of error (1)

91degrees (207121) | about a year ago | (#45490271)

What does that half-percent mean? It's not like our identity can be expressed as a number. Does it mean that it thinks the user is someone else one time in 200, or that for any person in their 2000 user sample set, they matched with 10 of them (both of which would be useful as long as not the only factor we rely on)? Or something else entirely?

Re:Margin of error (1)

minstrelmike (1602771) | about a year ago | (#45490425)

What does that half-percent mean?

Or does it mean that 99.5% of the time the sw is sure it's me and let's me keep typing but every page or two, up pops a warning in my Word document and the webcam scan scans my iris to take care of the other .5%?
Or perhaps a less intrusive way to deal with typing is to munge it up if some yutz suddenly *&^% &^% (* $%^ would work.

Re:Margin of error (1)

gl4ss (559668) | about a year ago | (#45491377)

once in 200 seconds it will lock you out for a second.

seriously speaking, I guess it depends on the length of the analyzing window and they chose the best stat they had.

but you wouldn't mind re-typing your password(in exact same manner and delays) evey 3 minutes now would you?

I seriously doubt the system can guess with 99.5% accuracy which of the users is using the system..

Re:Margin of error (1)

Em Adespoton (792954) | about a year ago | (#45492951)

once in 200 seconds it will lock you out for a second.

seriously speaking, I guess it depends on the length of the analyzing window and they chose the best stat they had.

but you wouldn't mind re-typing your password(in exact same manner and delays) evey 3 minutes now would you?

I seriously doubt the system can guess with 99.5% accuracy which of the users is using the system..

It doesn't need to -- it needs to guess with 70% accuracy when the logged in user matches someone other than the intended user.

Hmm. (0)

Anonymous Coward | about a year ago | (#45490291)

The only thing I'd worry about is different ways of typing. My typing slows when I'm tired, for example.
Am I going to get locked out just because I'm tired? :P

The Giveaway that Global Warmening is a Scam (-1)

Anonymous Coward | about a year ago | (#45490295)

http://kaching.tumblr.com/post/67281706584/the-high-cost-of-coastal-homes-in-new-york-and-los

"The high cost of coastal homes in New York and Los Angeles is on its own a market signal that the alleged threat of global warming is well overdone. Even worse for those who buy into the theory of global warming that says a planetary crack-up is inevitable absent a substantial human response, is that Malibu, Manhattan and the Hamptons are filled with the very people who, when asked if they believe in the global warming theory, would most likely say yes. Ok, so Ted Danson owns in Martha’s Vineyard, noted environmental activist Laurie David does too, and then Al Gore is known to have purchased a coastal palazzo in Montecito, CA. What this tells us is that even global warming’s most famous advocates don’t believe very deeply in their own activism. To believe the warmists we’re sitting idle as Rome supposedly burns, but as evidenced by the popularity of coastal property among warmists and non-warmists alike, the market says the ‘science’ predicting catastrophe is utter nonsense."

I have always said, if you douchebags actually believe that sea levels are going to rise, then you would be moving away from coastal cities such as NYC, LA and SF, just to name a few.

But this is not happening, and the only thing we can conslude from this is that the AGW crowd of rocket scientists know that it is a complete and total fraud.

If you like your AGW lies, you can keep your AGW lies.

Doesn't work... (0)

Anonymous Coward | about a year ago | (#45490309)

It has limited use, and specially almost no use on the important stuff: bank websites.

You don't time much / mouse move much on those websites. At least not enough to trigger a proper authentication.

And with all kinds of biometrics, you can't change the password if it is tampered.

See, I told you (0)

Anonymous Coward | about a year ago | (#45490319)

Glad I'm just using fountain pens...

Google. Auto. Complete. (0)

Anonymous Coward | about a year ago | (#45490321)

N/A

Re:Google. Auto. Complete. (1)

fph il quozientatore (971015) | about a year ago | (#45490919)

I was thinking exactly to this. Or Ubuntu dash online shopping search, for that matter.

Hmm, upsides and downsides. (0)

Anonymous Coward | about a year ago | (#45490345)

Downside... Injure your hand and get locked out.

Upside... No more sending embarrasing emails when you get black-out drunk.

Another breakthrough technology (1)

TheloniousToady (3343045) | about a year ago | (#45490383)

I bet it works even better than fingerprint recognition.

Re:Another breakthrough technology (1)

bob_super (3391281) | about a year ago | (#45492283)

You don't understand. This one is using sub-dermal click recognition. It's foolproof.

Users can be identified by the way they think (1)

Mister Liberty (769145) | about a year ago | (#45490393)

In the end, all of this becomes silly.

I've been using this for years (3, Insightful)

DeathToBill (601486) | about a year ago | (#45490409)

My typing has to match a certain pattern to authenticate me.

And, (1)

Zanadou (1043400) | about a year ago | (#45490451)

That's why I don't type on the internet, I just lurk.

Oh, shit.

Censorship (1)

VortexCortex (1117377) | about a year ago | (#45490461)

Suddenly, you're logged out of every service as soon as you begin browsing with one hand.

Re:Censorship (1)

Greyfox (87712) | about a year ago | (#45490889)

Or you can't log in to anything while browsing with two...

employer mandate (-1)

Anonymous Coward | about a year ago | (#45490469)

I see the O'Barky Administration has quietly delayed the employer mandate from taking effect for one month. Just enough time to get them past the November mid term election. If anyone believes that delay is to help the insurance companies and give them more time to plan, please raise your hand, and then shoot yourself in the head..

You libs like to talk like you are so intellectually advanced and righteous, we hear it all the time.

So how do you reconcile this with the constant and blatant political manipulation, lies and dirty pool that you have to use to advance your agenda?

You are not intellectually honest, in truth you are a bunch of pathetic lying backstabbing shameless criminals. It helps of course to have the media covering for you at your every turn.

One can only hope that the general public will finally start to see what is behind the curtain when the Obamacare bill starts fully coming due and hits them in their pocketbook.

At some point the complicit media whores will run out of curtain and the mask will come off. That could get ugly, i'm just sayin.

OK but how fast? (1)

Shavano (2541114) | about a year ago | (#45490475)

My computer gets my password authentication in a couple of seconds. It sounds like these typing tests took 90 minutes and it didn't evaluate whether the person's typing patterns remain stable over longer times. In that time the program learns to identify a person, but how long does it take to recognize a known person?

  Do I type the same way when I'm tired? I don't know. Do I type the same way if I'm using a different computer and keyboard? When I'm thinking about what I'm writing carefully, as opposed to when I'm tying stream of consciousness thoughts or when I'm copying from a handwritten original? Maybe not. How will it handle people who are learning to type? Their patterns would not be stable, nor would mouse movements be stable for people who are learning to use an unfamiliar program.

To deal with all these potential problems, I think the period over which it must evaluate and the tolerance of variance would have to be set pretty wide. Otherwise it's going to be continually asking you to verify your identity which would be very disruptive of your work.

Re:OK but how fast? (1)

mjr167 (2477430) | about a year ago | (#45490829)

How about when you VNC into a remote machine and it takes 5 seconds for the characters to show up on the terminal?

Re:OK but how fast? (1)

epine (68316) | about a year ago | (#45491035)

Otherwise it's going to be continually asking you to verify your identity which would be very disruptive of your work.

I've always wanted an authentication system that identifies me by precisely the way I say "oh, fuck off" when something this stupid breaks my train of thought.

Normally I type from the home position, but sometimes I cross arms (certain combinations of mouse and keyboard operations are easier that way) and sometimes I type with one hand (mainly when I'm eating at my desk) and sometimes I type with fewer fingers because I'm grasping something extraneously with one pinky finger or the other (such as test clips not yet hooked to my scope, but the last voltage measured needs to be recorded with the least possible delay or I'm repeating my last bench setup for ten minutes).

Another great signature is how quickly I invoke AdBlock Plus to remove animated GIFs from my field of vision. Absolutely can't stand anything hooking my peripheral vision when I'm trying to comprehend text. Or how I mute the volume on advertising with about 80% coverage in any video stream I visit. Basically the rule is this: would I invite the advertising characters into my home? If not, no volume, ever, if I'm within reach of the controls. If I won't let you in the front door, you're not sneaking in through my media system, either.

It doesn't need to be black and white, either. If I have to reauthenticate my keyring a little sooner after five minutes of typing cross armed for an unusual editing task, I'm OK with that.

Re:OK but how fast? (1)

PPH (736903) | about a year ago | (#45492633)

but how long does it take to recognize a known person?

Fast enough to stop the office practical joker from typing
sudo rm -rf /
when you get up to take a bathroom break?

what if (0)

Anonymous Coward | about a year ago | (#45490495)

I sign on through remote desktop? Then an additional layer of security?

Read The PDF (1)

Anonymous Coward | about a year ago | (#45490565)

This is an Iowa State University (student?) prototype/proof of concept stage idea. Also note:

Results from a large scale experiment demonstrated that the Cognitive Typing Rhythm had a 0.7% false
rejection rate and a 5.5% false acceptance rate

As everyone has been quick to point out, the concept is so flawed that there is zero chance of successful implementation. This is just a Slashvertisement for a study grant or startup wannabe.

One Hand (1)

Conchobair (1648793) | about a year ago | (#45490675)

I don't think this will work for me as sometimes I go from two hands to operation my computer with just one hand.

Swedish Company (4, Informative)

Frankie70 (803801) | about a year ago | (#45490801)

This has been done by a Swedish Company - http://www.behaviosec.com/ [behaviosec.com]

They have a continuous monitoring a system and also a product which can be integrated into a Web Page Post Form for a 2nd Factor of Authentication. I have played around with their Web Product - it's very good to be used as a secondary mechanism.

They are also working with DARPA - http://www.behaviosec.com/darpa-and-behaviosec-go-beyond-passwords/ [behaviosec.com]

So I am wondering if the Iowa University project is an extension on this?

The original Behaviosec product came out of a research project in a Swedish University and the people running the company include students who did the original project.

It has some obvious drawbacks. (1)

wcrowe (94389) | about a year ago | (#45490861)

Works great. Until you have a little accident, and end up with a broken arm, or sprained wrist. Then you can't use your computer.

Re:It has some obvious drawbacks. (0)

Anonymous Coward | about a year ago | (#45491645)

Good idea - if the computer is why you have a sprained wrist.

Up next (1)

broknstrngz (1616893) | about a year ago | (#45490865)

An algorithm that recognizes users based on their masturbation movements. Even those with Parkinson.

Re:Up next (0)

Anonymous Coward | about a year ago | (#45491137)

I think Fleshlight already has a patent on that one, they were talking about it over on slashdong [slashdong.org] a while back.

This should work... (1)

anchor_tag (2971059) | about a year ago | (#45490875)

No one slams their mouse and spews slightly racist incoherent obscenities in their favorite forums quite like I do.

Sexy Dance Authentication (1)

Greyfox (87712) | about a year ago | (#45490929)

I'd love to see an authentication method, which could probably be implemented with a kinect, where the computer starts playing some music and demands that you perform a sexy dance. It makes about equally as much sense, but would make work MUCH more funny!

Re:Sexy Dance Authentication (1)

oneiros27 (46144) | about a year ago | (#45491219)

The problem is that it has to be the same or similar every time ... so you'd either have to have a fixed routine that's rather similar every time ... or what I would do, which is sit there and flip the bird at the computer and/or cuss it out for such a stupid request.

(Of course, some of the answers to the canned 'security questions' that groups try forcing on me are responses such as 'I don't know' 'How should I know?' 'Why would I know that?' and 'I'm an orphan, you bastard'.)

Cat-Like Typing Detected (0)

Anonymous Coward | about a year ago | (#45490975)

Meow

wait (1)

Charliemopps (1157495) | about a year ago | (#45490985)

So your solution to security is to put a key logger on every computer in our building? I don't see that going over well with my security team.

Tips (1)

dohzer (867770) | about a year ago | (#45491257)

I'd be really worried about getting locked out while tipsy.

50% margin of error... (0)

Anonymous Coward | about a year ago | (#45491477)

Is this person 'John Doe'.
[ X ] Yes
[ ] No

See what you did there.

There goes getting help on my system.... (0)

Anonymous Coward | about a year ago | (#45492023)

From the site tech support guy, or a colleague who needs to show me someting at my terminal - it locks up as soon as it fails to see me typing?

The big missed point is that it's not always a bad thing for someone else to be typing on my computer/phone/etc

usage as a function of time (1)

volvox_voxel (2752469) | about a year ago | (#45492503)

We may type very differently throughout the day, especially at night, or close to a deadline. There would appear that you would need to do a significant amount of characterization to have any meaningful results. There are times when we can be really tired, but need to finish something. The last thing anyone needs is to fight your computer in addition to fighting a clock. I would refuse to work or quit any place that would consider using this kind of authentication. This kind of model can never be perfect.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?