Comments on: Keystroke dynamics: A practical web implementation

By: Mike Morucci

Mike Morucci — Sun, 29 Mar 2009 13:56:45 +0000

Hi. Really interesting concept. A lot of sites let you simply cut/paste in your passwords. So it seems only a few keystrokes would be measured, regardless of the length of the password. But if you really want security, cut/paste wouldn’t be allowed.

By: Matt Solum

Matt Solum — Fri, 27 Mar 2009 18:38:37 +0000

This is an interesting idea, and as to the question of how to deal with someone’s typing habits changing over time it seems to me all you have to do is re-save the user’s dwell and flight numbers on every successful log in; the way someone types doesn’t change rapidly, it happens slowly over time.

It would run in to problems, though, as others have mentioned in instances when your typing pattern changes by requirement (i.e. holding a sandwich), this would prevent people from logging in on cell phones or other devices. But it would work well as a intranet security from a single terminal.

By: Joshua

Joshua — Fri, 27 Mar 2009 16:07:10 +0000

This is really cool. Though I used december and had a hard time getting it to match up. maybe 2 out of 5 times. I guess I’m not a very consistent typer. This would be a struggle then if you password changes every month and you have to keep trying to get it to match up to a new pattern.

By: quixote

quixote — Fri, 27 Mar 2009 15:05:54 +0000

Maybe I’m using it wrong, but I can’t get the demo to let me log in. I set pwd, one I never use so it’s new to me. I tried to log in three times, but each time there was too much variation. Then I tried to set another new-to-me pwd, and also hit “set dwell and flight”. It let me in after hitting that, but then when I tried the same pwd again, there was too much variation again.

There may be a problem here. If you accommodate klutzy typists, the system loses security. If you don’t, us klutzes will become unemployable and have to file for disability.

By: Daniel

Daniel — Fri, 27 Mar 2009 10:27:46 +0000

Hello,
If you want, I can give you a complete study I did in the year 2002 where I implemented a prototype using keystroke dynamics.

By: me me

me me — Fri, 27 Mar 2009 02:09:42 +0000

what would happen if you had a few too many?

By: Eric

Eric — Fri, 27 Mar 2009 01:53:34 +0000

On the other hand if your work area is bugged then determined hackers could analyze the sounds and copy your password typing pattern though they’d still have to get the actual password through some other trickery.

By: Eric

Eric — Fri, 27 Mar 2009 01:48:15 +0000

I think the user learns to type their password consistently over time. If you get too used to it then you can go too fast but you know it has to be just a certain way or you don’t get in. Each time you get it right the easier it is to remember the next time. You might not always type the same way but you know to always type your password the same way.

By: Amazingant

Amazingant — Thu, 26 Mar 2009 23:49:43 +0000

Actually, I found it fun to just type the middle row of keys (asdfghjkl) to the beat of “Another One Bites the Dust”, and it said I was good to go so long as I typed to that same beat.

Any chance I could use this for a personal website?

By: Don Wrege

Don Wrege — Fri, 06 Feb 2009 03:16:44 +0000

First car breathalyzers, and now THIS?