Imagine a future with no passwords. This is the vision of Defence Advanced Research Projects Agency (DARPA). The research arm of the US military is sponsoring developers to begin work on software applications that will allow a computer system to identify a user by analyzing the way they type, instead of using the traditional password method.
The idea dates back to its roots when Morse code was the de facto standard for communications across the world. Passwords like “6To92Js02Da202n” meet the Defence Department’s definition of “strong,” said Richard Guidorizzi, a program manager at DARPA. “The problem is, they don’t meet human requirements,” he said.
In conventional password-based systems used today, there is no way “to verify that the user originally authenticated is the user still in control of the keyboard.”
Move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions. No biometric sensors such as thumb print or scanners would be used.
The defense agency is hoping to achieve through its Active Authorization program. DARPA‘s Program Manager Richard Guidorizzi gives an overview of Active Authorization here.
DARPA is trying to create an authentication system that uses a unique usage “fingerprint” and constantly monitors how you interact with a device. The system would track characteristics such as length of key presses, patterns in mouse usage, and the style and language used in emails.
By constantly monitoring these data points, a user would stay logged in simply by using the computer. If they got up to leave and someone else tries to use it, the software would identify them as a different person and lock them out or modify their access.
It is estimated that 2 out of every 40,000 people shared the same typing patterns. DARPA is currently researching how many different metrics it can collect for a user without using an special hardware, and there’s no timeframe for when a working system will be up and running.
The authentication platform will be developed with open Application Programming Interfaces (APIs) to allow the integration of other software or hardware biometrics available in the future from other sources.
Perhaps the answer is related to the next stage of research, when it plans to integrate the various biometric data points into a new authentication platform that would work on a typical computer within DARPA.
