BIOMETRICS


BioPassword Internet Edition
BioPassword

Price: $30,000, starting fee of $1 per user, plus an ongoing maintenance fee of 15 percent

 

    Requires Free Membership to View

BioPassword's BioPassword Internet Edition

BioPassword Internet Edition's dynamic keystroke technology offers an alternative to token- and fingerprint-based dual-factor authentication.

 

Fueled by increasingly sophisticated identity theft techniques and regulatory requirements, dual-factor authentication has grown in usage to overcome password weaknesses. Typically, dual-factor relies on tokens as biometric options--generally fingerprint readers--and are often considered too expensive and difficult to manage for all but the most security-sensitive organizations.

BioPassword Internet Edition introduces another, cheaper biometric technology: keystroke dynamics, which creates a unique user identifier based on individual typing patterns.

We found that the technology works as advertised once it's properly "trained" with sufficient typing samples to develop a reliable template.

Keystroke dynamics isn't exactly a household phrase, but the idea and technology of this science has its beginnings in World War II, when Morse code operators found they were able to identify senders by the way they typed out the message. Since then, keystroke dynamics has been heavily studied and refined.

We received the BioPassword software development kit (SDK), which is designed to be integrated with an organization's existing login infrastructure. The SDK ships with a sample application, which we used for our testing. The sample application runs on IIS 6 with a MS SQL Server 2000 back end. It uses SOAP to transmit information between the application and the BioPassword Web service back end, which runs on Windows 2003 Server with IIS.

One lab member created several users and trained the program by typing user names and passwords several times to create a base authentication template. Subsequent logins are recorded and used to strengthen the template. We gave our users several different strengths of passwords: a very weak dictionary-based password, a password with mixed case and punctuation, and a pass phrase that contained all lower-case characters. We started the test with only the minimum number of logins for the template (10). One person created the templates with his typing, and others attempted to compromise it by typing in the same credentials with their unique keystroke patterns.

Other lab personnel quickly compromised the account with the simplest user name and the weakest password, and for the account with the mixed case and punctuation. The pass phrase, which provided a larger combination of keystrokes, fared much better, withstanding all compromise attempts.

The performance of the passwords improved as we continued testing. After about 20 or so successful logins, the account with the dictionary-based password successfully resisted compromise.

This was first published in June 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: