A new way to help prevent identity theft is being proposed using the BioPassword Authentication Software.  It employs biometric science in identifying an individual by tracking the way that you type your password.  It works by tracking the way in which you type your password by examining speed, depression depth, and length of time each key is depressed.  The only way to access your account is for the password and the biometric pattern to match.  Or so it seems.

While keystroke recognition isn’t new, technology has advanced to the point that it could be more accurate than a similar type of technology that was used with Morse code operators in WWII.  Old idea, new software for a more modern society.  First, you need to type your password in nine times so that the computer can compile an accurate account of your keystrokes.

Well I was keen to do two things. I was keen to try and type in someone else’s password having watched them enter it to see how I could go try to be them. And then I wanted them to do the same for me. So this guy, for instance, told me his password was “kidder.” I watched him very closely type it three times. And then tried to the same and it denied me access. And then in turn I set up a password and told him to watch me type it in and replicate that as best he could and of course the system turned him down as well. What they don’t explain is that it’s using very precise measurements of the keystrokes that you make. It measures the length of time for which each key in your password is depressed and it also measures the length of time between strokes. And what you realize is that most of us type in a very consistent and a very idiosyncratic way.

This sounds great.  It can tell by several different factors how you type and could actually prevent other people from accessing your records, whatever type they may be.  However, when the question was raised as to what happens when you are sleepy because you just woke up and haven’t injected yourself with that morning coffee yet.

You’re sleepy, right. They have a few little measures to catch that. If after a couple of goes it seems you’re not typing the way it expects you to type, it will ask some additional security questions.

That’s right.  There’s the flaw.  Security Questions.  Now, no one can ever guess your security questions or discover them through many means of deception, can they?  Again, what is a promising use of biometrics to prevent identity theft, as well as highly secure document theft, is useless once the ability arises to circumvent it.

All I have to do is type wrong a couple of times and then, most likely, have to type in your mother’s maiden name, your birthday, or the name of your dog.  It doesn’t matter how accurate and secure the BioPassword system is, as long as it allows a second type of authentication, it’s never going to work.  Nice try though.