There are good passwords and bad passwords, but all are currently verified solely on the basis of their content. Now, researchers at the American University of Beirut, Lebanon, have been developing a new method of verifying passwords that uses the way the characters are typed. Linking password authentication to the speed and rhythm of the user’s keystrokes, a method known as key-pattern analysis (KPA), has been tested before.
The new method not only records and uses the time delay between presses but also measures how long each key remains depressed. The researchers say that this extra parameter of “intra” timing significantly boosts reliable authentication and improves the overall KPA approach.
How the New System Works
The new system would work something like this:
The user enters their password multiple times to set up a log-in;
The program creates a user profile based on intra and inter timing and other parameters like the relationships between two keys (digraph) and three keys (trigraph);
This profile is stored for comparison when the user logs in again.
The concept of using keystroke dynamics for authentication isn’t entirely new, but the addition of intra-timing adds a new layer of security. Intra-timing refers to the duration each key is held down before being released. This, combined with inter-timing (the time between key presses), creates a unique typing pattern for each user. By analyzing these patterns, the system can more accurately determine if the person typing the password is indeed the authorized user.
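The enrollment and comparison steps described above, sketched as an added example (not code from the researchers' paper). The scaled-distance score, the threshold of 2.0 and all timing values are assumptions chosen for illustration, and the check of the password's content is assumed to happen separately.

```python
from statistics import mean, stdev

def features(events):
    """events: [(key, press_ms, release_ms), ...] for one typed password."""
    dwell = [rel - prs for _, prs, rel in events]               # intra: key held down
    flight = [b[1] - a[1] for a, b in zip(events, events[1:])]  # inter: press to press
    return dwell + flight

def enroll(attempts, min_spread_ms=1.0):
    """Build a profile of (mean, spread) per feature from repeated entries."""
    if len(attempts) < 2:
        raise ValueError("need at least two enrollment attempts")
    columns = zip(*(features(a) for a in attempts))
    # Floor the spread so a very consistent typist does not cause division by ~0.
    return [(mean(c), max(stdev(c), min_spread_ms)) for c in columns]

def score(profile, events):
    """Mean deviation from the profile, in units of the user's own spread."""
    feats = features(events)
    if len(feats) != len(profile):   # different number of keystrokes
        return float("inf")
    return mean(abs(x - m) / s for x, (m, s) in zip(feats, profile))

def verify(profile, events, threshold=2.0):
    """Accept the attempt only if its timing stays close to the profile."""
    return score(profile, events) <= threshold

def attempt(keys, presses, dwells):
    """Helper that builds constructed sample events."""
    return [(k, p, p + d) for k, p, d in zip(keys, presses, dwells)]

# Constructed sample data (milliseconds), not measurements from the paper.
ENROLLMENT = [
    attempt("pass", [0, 150, 290, 450], [90, 80, 85, 95]),
    attempt("pass", [0, 160, 300, 455], [95, 85, 80, 100]),
    attempt("pass", [0, 140, 285, 440], [85, 75, 90, 90]),
]
PROFILE = enroll(ENROLLMENT)
GENUINE = attempt("pass", [0, 152, 295, 452], [92, 78, 86, 96])
# Same password, different rhythm: longer holds and slower transitions.
IMPOSTOR = attempt("pass", [0, 220, 400, 650], [140, 120, 130, 150])

if __name__ == "__main__":
    print(round(score(PROFILE, GENUINE), 2), verify(PROFILE, GENUINE))
    print(round(score(PROFILE, IMPOSTOR), 2), verify(PROFILE, IMPOSTOR))
```

A real deployment would tune the threshold against measured false-accept and false-reject rates rather than use a fixed constant.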
Advantages and Potential Applications
One of the significant advantages of this method is that it adds an extra layer of security without requiring users to remember additional information or perform extra steps. The typing pattern is something that naturally occurs and is difficult to replicate precisely by someone else. This makes it a robust method for enhancing password security.
Moreover, this method can be particularly useful in environments where security is paramount, such as in financial institutions, government agencies, and healthcare systems. For instance, even if a malicious actor manages to obtain a user’s password, they would still need to replicate the user’s unique typing pattern to gain access. This dual-layered approach significantly reduces the risk of unauthorized access.
Additionally, the system can be adapted for continuous authentication. This means that the system could continuously monitor the user’s typing patterns even after the initial login. If the system detects a deviation from the established pattern, it could prompt for re-authentication or lock the session, thereby providing ongoing security.
If you are interested in more information about the new research, the paper, “Optimising password security through key-pattern analysis”, is published in the International Journal of Internet Technology and Secured Transactions.
Source: Gizmag