the most recent

issue of wired talks about keystroke biometrics: rather than just using a password for authentication, keystroke biometrics also factor in speed and rhythm, which is brilliant. each of us probably uses the same few passwords for all of our sites, and we probably type the characters for each password in a habitual way i.e., with the same speed and rhythm. keystroke biometrics can use this as a basis for authentication, thus preventing bots and hackers from being able to use ill-gotten passwords to commit crime, since it would add an additional level of security based on information that's hard to steal without visual observation.

i see keystroke biometrics being useful, however, only in the short-run, for the following reasons. first, i don't know how one would implement this as an on-line service; i'm sure it can be done, but at what cost? second, it will only be a matter of time before someone comes out with software that is able to mimic the most efficient keystroke patterns for any given password: given the spacing between characters on a qwerty keyboard, one could imagine that it wouldn't be too difficult to figure out what the most efficient way to type the password is. this, of course, relies on the assumption that most people typing on qwerty keyboards do so efficiently. another possibility is that keystroke loggers, which are currently used to steal passwords and other sensitive information, could have built-in capability to record legitimate users' speed and rhythm, using the same software that prevents this from happening.

accordingly, keystroke biometrics are an interesting development, but i don't see a lot of long-term potential, at least in the current incarnation of the technology.