Results 1 to 3 of 3
  1. #1
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Cornwall, England
    Posts
    393
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Bionic passwords

    looks like you got the api function working then chris ?
    how would you allow for users logging on at different work stations ? I know that i for one have terrible trouble typing on 'ergonomic' keyboards that some users have when i need to log in at their pc.
    Also, if a user types in a new password quickly their margin for error ( the 90% delay in keystrokes) is reduced so there may be an issue there ?
    Dont take these points badly, i feel the process is a good one and will certainly add to security. People do use a keyboard with a particular style which can be analysed to develop the equivalent of a signature. great to see something like this in its embryonic stage. [img]/forums/images/smilies/smile.gif[/img]

  2. #2
    Platinum Lounger
    Join Date
    Feb 2001
    Location
    Yilgarn region of Toronto, Ontario
    Posts
    5,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Bionic passwords

    (later) (1) found two bugs in code (2) forgot to password-unprotect. Sorry.

    try this one.


    Developed prototype of means of measuring human physiology during string input.

    When you run the macro CMD_PASSWORD() you will be presented with a very simple GUI form. I have built ONLY the part that would normally solicit the user password, but I do not blank out the characters you type with asterisks. It's not a real password box.

    Keyboard-password systems have two great failures. (1) for the supplier, the user may forget their password or communicate their password to another user. (2) for the user, we are swamped with passwords, so many to remember, so many different ones to fabricate.

    How to tie a simple password to a user? Monitor the key-strokes. If we can measure the time each key is pressed during the down-travel, and the interval between keys, we can store the rhythm as a reasonably unique signature of the user. Telegraph (Morse code) operators could recognize each other by the rhythm of their key strokes.

    Now that your signature is married to your password, practically noone else can make use of your password. Now that your signature is married to your password you can get by with just a few passwords, rather than the twenty or so you have written down on a slip of paper in your wallet.

    The supplied routine has a cutoff described in the INI file as CUTOFF=0.90. You will be asked to key in a string of characters four times over, with a prompt "Try Again" between each try. If the average delay for keystrokes between the passwords is within the cutoff value (90%) you will see the message TRUE pop up. Your password and signature match. If you fall below the cutoff point, FALSE will appear.

    You can edit the eraseme.ini file with Notepad to change the cutoff value from 0.90 to 0.50 or, if you are feeling luck, 0.10 (10%).

    A regular password scheme would sample your keystrokes a half-dozen times and THEN store your signature. To log in to a system you would type your password once; the recorded signature would be checked against the stored signature.

    All that this demo does it let you test your consistency in typing a familiar string.

    Now consider what you might so with this.

    Suppose you are a new user and are asked to supply a password and type it 6 times. The system not only measures your signature, but also the delay between the first prompt and the first character you type, and the delay between the second prompt and the first character of that essay.

    A user who is thinking of a brand-new password string will demonstrate a significant delay for both events; the user who recycles an existing password won't think twice, they will just key it in and go. Since you can measure this, you can pop up a message saying "I think you are already using that password somewhere else". Should give the user something to think about!
    Attached Files Attached Files

  3. #3
    Platinum Lounger
    Join Date
    Feb 2001
    Location
    Yilgarn region of Toronto, Ontario
    Posts
    5,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Bionic passwords

    >looks like you got the api function working then chris ?

    Nope. I'm still using the crude Key_Down event in a GUI form. It's enough to play around with. I can leave the API for later - I've demonstrated the technique can be achieved, albeit crudely, in VBA.

    I'd still like to know "how to find out how to use these kernel32 things". I'm not looking in the right place, I know.


    >great to see something like this in its embryonic stage.

    I stole the idea from Alexander Graham Bell, from whom also some guys at Stanford (?) and Biometrics (?) reaped ideas (grin!)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •