Member Avatar for Circaea

Hey guys, I just found out that I'm a semifinalist in Google International Online Science Fair! Thats top 60 out of like 7,500 projects. Right now theres a People's Choice award contest on, with the reward being a $10K scholarship! Can I get some votes from you guys? Just takes a second, vote here!

For anybody interested in the experiment itself, here's a summary of what I did:

Basically, my goal was to use the natural rhythms of people's keystrokes as a means of identification. You may have heard that each person has an individual fingerprint. In a similar manner, each person has their own individual typing speed, especially when typing something as familiar to them as a password. So just as you could tell two people apart by looking at their fingerprint, you can do it by looking at their typing rhythm. My project uses this to distinguish between legitimate owners of an account and impostors.

Benefits of this system include:
Increased resistance to hacking; brute-force algorithms take 1000x longer
No expensive equipment or hassle, just install software (unlike, for example, fingerprint scanners)
No risk of password being stolen by an observer

So basically I wrote a Java app to collect typing data from a bunch of people. Then I analyzed the 'rhythm' in two different ways, and looked to see which was better. The first time I used the time in between keystrokes as the deciding factor, the other time I looked at the amount of time each key is held down for. I got an average of 98% accuracy using the first method and 95% using the second; so great success, but I concluded there is no difference between the two methods.

Any questions just ask, I'll be happy to respond!

Thanks in advance!

  • 5 Contributors
  • 5 Replies
  • 248 Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by Ancient Dragon
vegaseat commented: good thinking +0

Recommended Answers

All 5 Replies

Member Avatar for NicAx64

but this varies device to the device isn't it?
How did managed to filter that noise?

Member Avatar for Agilemind

Did you look at how the rhythm changes overtime? ie. when you first start using a password you type it differently than after you have been using it for a while and if you then don't use it for a long time I would think the rhythm would change again.

How long does it take for the rhythm to develop/stabilize?

Member Avatar for jingda

Have already voted. Nice idea of posting here in daniweb to attract people to help you vote

Member Avatar for Circaea

@NicAx64: I actually performed the study twice, once where all 15 subjects entered their data on the same computer, and a second time where data was collected over the internet and users typed on whatever computers they were accustomed to. Both got similarly high accuracy, so it appears that that doesn't actually matter.

@Agilemind: I actually didn't look at that, but I asked all subjects to use a password they didn't generally use (e.g., they weren't used to typing their password word before hand). The first entries may have been less consistent than the last few, but I treated them all as though they all had an equal chance of being bad. I didn't analyze anything, but just from looking at the data, it doesn't look like 'getting used to it' matters; there are the same number of fails from the first few entries as the last few (and the middle; it appears to be a pretty even distribution)

@jingda: thank you for your support!

Member Avatar for Ancient Dragon

>>So just as you could tell two people apart by looking at their fingerprint, you can do it by looking at their typing rhythm

People's typing speed and rythm will change over time. For example I used to type at speed > 100 wpm on a manual typewriter, but I have slowed down a great deal since then. How does your system account for changes in people's habbits?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.