International Journal of Information Security

, Volume 1, Issue 2, pp 69–83

Password hardening based on keystroke dynamics

Authors

  • Fabian Monrose
    • Bell Labs, Lucent Technologies, Murray Hill, N.J., USA
  • Michael K. Reiter
    • Bell Labs, Lucent Technologies, Murray Hill, N.J., USA
  • Susanne Wetzel
    • Bell Labs, Lucent Technologies, Murray Hill, N.J., USA
Regular contribution

DOI: 10.1007/s102070100006

Cite this article as:
Monrose, F., Reiter, M. & Wetzel, S. IJIS (2002) 1: 69. doi:10.1007/s102070100006

Abstract.

We present a novel approach to improving the security of passwords. In our approach, the legitimate user’s typing patterns (e.g., durations of keystrokes and latencies between keystrokes) are combined with the user’s password to generate a hardened password that is convincingly more secure than conventional passwords alone. In addition, our scheme automatically adapts to gradual changes in a user’s typing patterns while maintaining the same hardened password across multiple logins, for use in file encryption or other applications requiring a long-term secret key. Using empirical data and a prototype implementation of our scheme, we give evidence that our approach is viable in practice, in terms of ease of use, improved security, and performance.

Key words: Security – Biometrics – Cryptographic – Key generation

Copyright information

© Springer-Verlag 2001