I have owned this domain for ten years now. So it actually seemed like a good idea to do something more with it, then just pay the yearly registration fees. But there is another reason to invest time and effort into something that probably no one will read.
In 1998 I was studying information technology. One of the final things that I needed to do was to write a thesis. Mine was about ‘Rythm-based passwords’. The idea is quite simple. Instead of just sending the password characters, you also send the time between and during the keypresses, the so-called flight- and dwell-time.
Each person types a little bit different, but this difference is enough identify someone. I created a tool to test it. And after about 10 successive entries the various possibilities were unique enough. The down- and in-between times of the keypresses were stored as percentages. So someone could type it slower but still fit specified ranges. Try it yourself, just type the same word or phrase several times and at different speeds. And then ask the person nearest to you to do the same.
Now this alone isn’t enough for authentication. But the same could be said for the password. But when they are combined then you extend the authentication factor ‘something you know’ with ’something you do’. Hence, stronger authentication.
Off course when I was nearly finished with PoC’s and all kinds of tests, I spend some more time on researching: “Why the hell didn’t anybody else think of this”. Well.. somebody did. It turns out that the USA military had already discovered this in the sixties, but never used it. And before that, during the second World War, the allies discovered a way to track German telegraph operators by identifying their particular style of typing code, something known as ‘the fist of the sender‘. More on this can be read in Simon Singhs excellent The Code Book. Sigh, In the end I abandoned the whole idea and went for something completely different.
In 2001 a group of 3 students released a paper on ‘Password hardening based on keystroke dynamics‘ Mhhh.. And in 2006 a company called BioPassword was in the news for a revolutionary way to enhance passwords.. Jup. They even stated “After taking about nine samples of an 8- to 16-keystroke password, the company’s software is able to identify the “fist” of the typist.” With some searching the same announcement, albeit all from other sources, can actually be found in each subsequent year from 1986 till now.
Now I am not here to brag about the fact that I came up with that idea earlier that than the others. I just want to show that some ideas are thought up independently, because they didn’t know about the others. And that is a unfortunately a waste of precious time. Instead of thinking about it, they could have build it years ago. And I rather would have the functionality put to practical use, then to read about it way too many times. As I have yet to see keystroke dynamics, as it is called now, anywhere except in papers, ads and the news.
So to inspire other people I will put more concepts here that kept me awake at night. And if someone want to do something with it. Great! Be my guest.
Ow.. and next to dumping ideas, I’ll post stuff about things like security, retrotechnology and media too. So there you have it..
Welcome to blog 44,324,985 on the internets…
Tags: Security