DARPA is after your typing biometrics for post-password security
As much as we might like to think otherwise passwords, as we use them – or not use them, today are for the most part – useless.
The majority of people don’t take password security seriously – the number of “password” and “123456″ type of passwords are the perfect example. The remaining people that do can’t be sure about how secure those passwords are given the fact that for every password created there is some way to crack it.
It turns out that password security is something that DARPA (The Defense Advanced Research Projects Agency) take very seriously and is apparently looking to a post-password solution to the problem.
Most of the password-replacement action at DARPA is taking place within the Active Authentication program, where researchers are studying “innovative approaches that enable revolutionary advances in science, software, or systems” that authenticate a user’s identity while stationed at a computer terminal without relying on passwords.
via Fast Company
It seems that the agency believes that using, or creating in their case, some cutting edge biometric identification products that can identify a user by their typing style might be one of the possible solutions. While there has been much work done in the area of biometric security methods DARPA program manager Richard Guidorizzi points out they are expensive to implement on a mass basis as well as raising privacy concerns.
On the other hand creating a biometric identification system based around an individual’s typing style is cost-effective and will help alleviate any privacy concerns.
Guidorizzi believes passwords will always be insecure. Instead, he proposes that “forensic authorship”–the analysis of a user’s average word length, use of punctuation, type-token ratio (for us mortals, basically the number of unique words used in a document) and average word length to determine the identity of computer users. DARPA has not yet unveiled how they intend to turn forensic authorship into a replacement for the password–but their decision to hold an industry day shows that they believe the technology holds potential. Once the agency creates a workable prototype of their new password-replacement system, it will be tested on desktops in a “Department of Defense office environment.”
via Fast Company
I don’t know about you but the idea of some identification system figuring out that I am who I say I am is kind of scary given my typing skills.