RE: extra password protection idea.
Date: Mon, 3 Nov 2003 08:33:22 -0600 To: <email@example.com>, <firstname.lastname@example.org>
This idea of key stroke timing was tried some 10 years ago and didn't
fly well because of all the false authentications. Still the best, if
you want more security is two factor authentication. Fingerprints are
the cheapest, but also the easiest to defeat.
Occidental Petroleum Corporation
THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF
OCCIDENTAL. UNAUTHORIZED USE OR DISCLOSURE IS PROHIBITED.
From: Peteris Krumins [mailto:email@example.com]
Sent: Sunday, November 02, 2003 5:33 AM
To: Brian Akey
Subject: Re: extra password protection idea.
Friday, October 31, 2003, 6:55:27 PM, you wrote:
BA> I had an idea where you time each keystroke of the password and make
a fingerprint of the password entry. I found that the time between each
keystroke is pretty consistent. I thought it might be
BA> an extra level of protect if openssh could use such a technique. I
could give you my password but you still wouldn't be able to get into my
account. It could be a option for the extra secure
The time between each keystroke for me is different on each keyboard
because of the location of the keys. On one keyboard special symbols
like |\/<> are located elswhere. If my fingers dont know where those
keys are I cant login as quickly. Also most of the password are typed
subconscionesly, only the fingers know the password.
For me a bright example is loggin onto the servers at data-center
where each of the keyboards have different layout for some keys.