July 26, 2015

Keystroke Analysis Can Unmask Anonymous Users

“Behavioral biometrics”—the use of individual behavioral traits, such as how someone swipes the mouse or uses a keyboard—represents a significant new frontier in online security.

As reported by Dan Goodin on Ars Technica, researchers recently demonstrated they could identify Internet users based on how they type, even when using anonymization tools such as Tor. Goodin explains that “because the pauses between keystrokes and the precise length of time each key is pressed are unique for each person, the profiles act as a sort of digital fingerprint that can betray its owner’s identity.”

Goodin notes that another team of researchers has developed a tool designed to thwart keyboard tracking as a means of identifying individuals: a Chrome browser plugin that caches the input keystrokes and, after a brief delay, relays them to the website at a pseudo-random rate.
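The timing profile and the buffer-and-relay defence described above, as an added sketch that is not the researchers' plugin or code from the article. The event shape, the function names, the 50 ms delay, the 30 to 120 ms interval range and the seeded generator are all assumptions made for the demonstration.

```javascript
// Constructed sample: key events as a page script would record them (timestamps in ms).
const typed = [
  { key: 'h', down: 0, up: 95 },
  { key: 'e', down: 140, up: 210 },
  { key: 'l', down: 330, up: 420 },
  { key: 'l', down: 505, up: 580 },
  { key: 'o', down: 790, up: 905 },
];

// The two timing features the article names: how long each key is held (dwell)
// and the pause between releasing one key and pressing the next (flight).
function timingProfile(events) {
  const dwell = events.map(e => e.up - e.down);
  const flight = events.slice(1).map((e, i) => e.down - events[i].up);
  return { dwell, flight };
}

// Seeded PRNG (mulberry32) so the run is reproducible; an assumption for the
// demo only. A real extension would draw from crypto.getRandomValues().
function mulberry32(seed) {
  let a = seed | 0;
  return () => {
    a = (a + 0x6D2B79F5) | 0;
    let t = Math.imul(a ^ (a >>> 15), 1 | a);
    t = (t + Math.imul(t ^ (t >>> 7), 61 | t)) ^ t;
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Hypothetical relay: hold the buffered burst, then replay it delayMs after the
// last key with dwell and flight drawn from [lo, hi] ms. Key order is kept;
// the user's own intervals are never copied into the output.
function retime(events, rand, delayMs = 50, lo = 30, hi = 120) {
  if (events.length === 0) return [];
  const pick = () => lo + Math.floor(rand() * (hi - lo + 1));
  let clock = events[events.length - 1].up + delayMs;
  return events.map(e => {
    const down = clock;
    const up = down + pick();
    clock = up + pick();
    return { key: e.key, down, up };
  });
}

console.log('as typed  :', timingProfile(typed));
console.log('as relayed:', timingProfile(retime(typed, mulberry32(2015))));
```

This sketch replays a complete buffered burst. A relay that forwards keys while the user is still typing cannot emit a key before it is pressed, so pauses longer than its buffer still show through.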

A demonstration of this technology is available on the website of BehavioSec, a Swedish firm that is already working with major banks and DARPA.

Information Week’s Sara Peters also recently reported on the rise of behavioral biometrics (a.k.a. “passive biometrics”): “Fingerprints and retinal scans are awfully hard to spoof, but they are static data that could be stolen, and worse yet, they force users to go through another pesky step in the authentication process.”