- Nov 3, 2010
But now, computer scientists from Beirut have pioneered a new approach called Key-Pattern Analysis (KPA), to verify passwords that also takes into account the speed with which a user types in their login and the gaps between characters would render a stolen password useless.
Ravel Jabbour, Wes Masri and Ali El-Hajj of the American University of Beirut, in Lebanon has incorporated "intra" timing that measures how long each key remains depressed, which they say gives them the beat of the typing and is a much more robust parameter.
The program gathers information about how the user is typing in their password by recording the electronic signals from a standard keyboard as keys are pressed and released. It then compares the pattern of the password typed with a pre-stored pattern recorded when the account is initially setup.
A user would be expected to repeatedly type their password at the login registration stage to record a reproducible typing pattern. The validation algorithm then looks at the various parameters, intra and inter timing the relationships between two keys (digraph), three keys (trigraph) and up to the number of keys that are the password length.
The study has been published in the International Journal of Internet Technology and Secured Transactions.