I’m a thunderpaws. When I type, I slam my fingers onto the keys, irritating everyone in my immediate vicinity.
But my aggressive typing style might not just be poor technological manners. It might also serve as a password someday.
The New York Times’ Randall Stross reports that DARPA is looking into software that would identify users based solely on their typing style—handwriting analysis for the digital age. The identification by keyboarding would replace passwords (and perhaps might have some other spy-related uses as well, one imagines).
Last year, DARPA’s Richard Guidorizzi envisioned a future in which, instead of using passwords based on pet names and favorite sports teams, “the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.”
Stross speaks to Carnegie Mellon’s Roy Maxion, who researches “keystroke dynamics,” about the possibility. :
Motions that we’ve performed countless times, Professor Maxion says, are governed by motor control, not deliberate thought. “That is why successfully mimicking keystroke dynamics is physiologically improbable,” he says.
This would make security much more human-friendly than hard-to-recall (or easy-to-crack) passwords—and would also allow for continuous authentication, so the computer can recognize if a user changes midsession.
On Extreme Tech, Ray Walters notes that the idea of identifiable keystrokes goes back to the Morse code days:
In the early twentieth century, experienced Morse operators had distinctive traits to their signaling, called their “fist,” that would help to confirm their identities to people familiar with their style (i.e. Allied or German forces trying to crack radio communications). Think of it as handwriting identification for sounds. For example an operator could by habit elongate an individual character or word, or hang for a certain amount of time between words. Just like your middle school teacher could tell when you forged a note from home, Morse operators could tell when a message was coming from a person they usually dealt with or from a new person in the loop.
But Walters is skeptical of the idea that keystroke identification would be an impenetrable security system, suggesting that a “simple keylogger” could override the system.
Watch Guidorizzi describe password-less security below.
Read more on the New York Times.