• United States

BioPassword learns how you type to provide security management

Apr 17, 20063 mins
Access ControlNetworking

* BioPassword Internet Edition

In the mid-1990s, parents were eager to find software that would protect their children from the evils of the Internet. Well, they’re still looking, aren’t they? But one of the major applications in use was NetNanny, which claimed (and still does) to: “Stop Porn; Limit Time Spent Online; Stop Illegal File Sharing; and Protect Personal Info” (all in capitals, of course!).

It did – and does – require an “administrative user” (usually one parent) to maintain the installation. This is a password-protected account, but we all know how easy it is to guess passwords – especially those used by our parents. And given the “tight security” (that’s a joke, son!) of Windows 95 and NT 4, any self-respecting 12-year-old nerd, given all the time they needed at the PC, could crack in. So the folks at NetNanny turned to biometrics.

In 2000, NetNanny began marketing BioPassword, a new way of validating users. That year, I came across the company inside the Microsoft pavilion at Comdex. I stopped to look because Comdex wasn’t the place you typically saw “home use” software. And what I saw wasn’t for home use – it was BioPassword for Windows NT. I sat down for a demo, and liked what I saw.

If you took typing in high school, your teacher might have mentioned that (s)he could always tell each student by simply looking at an otherwise anonymous page of type – everyone used a different rhythm and pressure. Some teachers have been known to claim they can simply listen to you typing and tell who is using the keyboard. That’s the principle behind BioPassword. By initially measuring the time a user holds down particular keys as well as the time between keypresses while the user enters a password, the software builds up a keyboarding template for the user. Then whenever that user logs in, the template must be matched as well as the password in order to be authenticated. That’s multifactor authentication for you. The NT product needed a client piece, and sales lagged since administrators (at the time) couldn’t see the benefit.

Things got so bad, in fact, that NetNanny went into bankruptcy. In 2002, its assets were purchased by a company in Issaquah, Wash., called BioNet. BioNet soon realized that BioPassword could be a winner, but retail marketing of NetNanny to parents coupled with enterprise marketing of BioPassword to network managers were two very different propositions. So, in 2004, BioNet sold off NetNanny but kept BioPassword. Later, BioNet changed its company name to BioPassword and continue to sell to network managers.

Recently, a new release has taken BioPassword to a new level. BioPassword no longer requires a client installation and the company has released BioPassword Internet Edition. This uses a Flash plugin to gather the keyboarding metrics. It’s hoped that this will be well received by, among others, the financial community as a way to institute strong, multifactor authentication for Web-based financial transactions.

It is easy to install, maintain and use. But only time will tell what users’ perception of the software will be. They might think of it as a strong identity protector, or they might associate it with keyboard loggers – a tool of phishers and crackers. Check it out for yourself, though, before placing your bet.