The public versus keystroke recognition security

Most people, at least at first glace, don't believe that keystroke recognition--a security technique where a person can be identified by how they type--works. So BioPassword next week will give the public the opportunity to crack it.

The Issaquah Wash.-based company will set up a Web site next week touting the technology and its virtues. People also, naturally, get a chance on the site to try to fool it. Go to the company's Web site (click above) to try it out.

CEO Mark Upson says good luck.

"It has a 95 percent accuracy range," he said. "The science goes back to World War II, when people were sending messages through Morse Code."

Everyone, it turns out, has a distinct rhythm to their typing. Users need to type about nine samples into the system and BioPassword has you figured out. Your profile is also dynamically tweaked over time, so if you start getting more jumpy as you get older, BioPassword can accommodate that.

He gave me and a few other attendees at the Emerging Ventures conference sponsored by Dow Jones a demo this week. He typed in his own user name and password. The software gave him a recognition score of 59. You need a 33 on the demo application to get through. A random person that typed in his user name and password got a 7.

The keystroke rhythm is captured in flash to avoid any latency problems. The data is then transferred to a central server.

Besides being somewhat accurate, keystroke recognition cuts a lot of the costs associated with security. For two-factor security, where users submit to two authentication tests, you don't have to carry a random number generator. You also can't lose it (unless you juggle Skil Saws.).

400,000 people use it, and so do 17 financial services companies, Upson asserted.