Security at your fingertips
TEXT OF INTERVIEW
MARK AUSTIN THOMAS: Identity theft is a growing problem. BioPassword is a new security software based on the idea of keystroke recognition. Jonathan Richards is a reporter for the Times of London and has written about this program. I asked Jonathan how BioPassword works.
JONATHAN RICHARDS: Well it works by measuring the speed at which you type. So it asks you to enter your password and login details nine times and that enables it to take a sample of your typing speed.
THOMAS: Now you kind of took this device on a test drive. What happened?
RICHARDS: Well, I was keen to do two things. I was keen to try and type in someone else's password having watched them enter it to see how I could go try to be them. And then I wanted them to do the same for me. So this guy, for instance, told me his password was "kidder." I watched him very closely type it three times. And then tried to do the same and it denied me access. And then in turn I set up a password and told him to watch me type it in and replicate that as best he could and of course the system turned him down as well. What they don't explain is that it's using very precise measurements of the keystrokes that you make. It measures the length of time for which each key in your password is depressed and it also measures the length of time between strokes. And what you realize is that most of us type in a very consistent and a very idiosyncratic way.
THOMAS: So what happens when your typing style varies from your profile, like you're sleepy because you just woke up?
RICHARDS: You're sleepy, right. They have a few little measures to catch that. If after a couple of goes it seems you're not typing the way it expects you to type, it will ask some additional security questions.
THOMAS: Now this software is new but the technology's been around for a while, hasn't it?
RICHARDS: That's right. A similar kind of technique was used during the Second World War by Morse code operators to identify whether this message was coming from an ally or perhaps someone posing as an ally. In the 1980s it was formalized, I gather, by Stanford University, and so this, I understand, is at least the first attempt to commercialize it in any case.
THOMAS: So if this technology's been around since the '80s, why do you think it hasn't been used more?
RICHARDS: Look, I don't know, it's one of the great questions. I think possibly the reason there's been a lot more interest in it of late is as a result of the increasing incidents of online fraud. Banks are increasingly looking around for ways to prevent this kind of thing happening.
THOMAS: How much is the software?
RICHARDS: The system works that they need a central server if you're going to deploy it as a bank, so I think that costs about $34,000. And then it's a sort of per-user subscription fee which is $1.15.
THOMAS: Thanks a lot, Jonathan. I appreciate your time.
RICHARDS: It's a pleasure.
THOMAS: Times of London reporter Jonathan Richards.