By Steve Ragan Apr 23, 2007, 14:42 GMT
There was a story over the weekend about a company called BioPassword. The company located in Issaquah, Washington, develops a unique security program that is software based and works on Microsoft’s Active Directory, Citrix VPN, Outlook Web Access, and more.BioPassword protects companies and individuals with a simple, powerful combination of the user's standard login credentials. It monitors keystroke biometrics (their unique typing rhythm) and knowledge-based authentication (user selected questions and answers.) The company states that BioPassword's authentication software is fast, accurate, transparent, scalable to millions of users, and immediately deployable across an organization or Internet without the need for expensive tokens, cards, or other specialized hardware.
BioPassword works on a simple principal, you type your passwords so often you develop a typical rhythm or speed when you type it. BioPassword is able to tell if the user enters the password at a normal typing pace. If not, the software kicks in asking additional security questions before allowing access. The technology and software is new but passed on historical fact.
During WWII, the U.S. military used technology that aimed to determine if Morse code was from friend or foe. Depending on the speed of the Morse transmission soldiers were able to determine the source of the message as real or not. On the BioPassword website, there is an interesting video clip from the CBS show, “Numb3rs.” The clip demonstrates how the software works and explains some of the history. There is also the opportunity to test the software live in a web demo using the Internet ability of the BioPassword software.
“Businesses have always desired an additional factor of authentication to augment usernames and passwords. However, tokens, smartcards, or other biometrics have had problems with market penetration because of end-user acceptance and the operational costs of deployment,” said Eric Ogren, security analyst at the Enterprise Strategy Group. “A biometric approach based on a person's typing cadence can enhance the security of passwords without requiring the overhead of additional hardware or software authentication infrastructures. Organizations can reduce the risk of fraudulent sign-ons to their networks and business applications.”
To learn more about BioPassword visit their web site www.biopassword.com. The live demonstration of BioPassword's keystroke biometrics is located at www.biopassword.com/demo1. The cost of the software or corporate solutions is available by request only the company says.
Whether this gets wide spread attention in the corporate security world, remains to be seen. However, the cool factor for this tool is at least worth the time to try the demo. After several attempts, this reporter gave up on trying to access the account. Even after I was shown the pattern for the demo account, I was still unable to mimic it.