Typeprint Security Considered HarmfulA recent article in Science News (13 Jan
2007) talked about the state of the art in typeprint security
(requiring a consistent rhythm to the typing of your password). I see the entire
concept as having at least two insurmountable problems with regard to password
verification (and probably other uses as
well):
1. I don't use my laptop in the same way at all times. Most notably, I log in every day on the bus. The computer’s on my lap, instead of a desk, which probably changes my typing pattern slightly. More drastically, the bus is moving, and the bounciness makes me change the timing between keystrokes. 2. Who types passwords anyway? Most web site passwords are remembered in some fashion (on Mac OS X, in a Keychain). They’re entered automatically by the web browser. 3. Remote login (e.g. via SSH) may have unpredictable latencies which will vary by key, and throw off the scheme. They’re also thinking of using patterns of mouse movements. This fails too: 1. I use a trackpad on my laptop, a mouse on my desktop computer. The patterns can’t be the same. 2. Sometimes due to incipient carpal tunnel problems, I switch to mousing left-handed. (I had to do this for months a few years ago when I switched desks and came close to serious carpal tunnel syndrome.) In fact, when I use my server, I always mouse left-handed. I’m pretty sure this will result in different patterns as well. A final technique to identify people people is a writeprint, which analyzes their language usage. This might be better, though I suspect my own writing differs somewhat in writeprint depending on whether I’m writing something formal or informal. Posted: Sat - February 3, 2007 at 08:19 PM |
Quick Links
Calendar
Categories
Archives
XML/RSS Feed
Statistics
Total entries in this blog:
Total entries in this category: Published On: Feb 03, 2007 08:50 PM |
||||||||||||||