DARPA is looking at a new way of authentication that does not rely on passwords, tokens, or standard biometrics. Active authentication hopes to be able to identify and perform continuous real-time authentication on individuals based on patterns of behavior identifiable by software-based biometrics. They refer to these patterns of behavior as a “cognitive fingerprint.”
Typing and mouse use habits could be used to form this fingerprint and that seems pretty straight forward. I’ve got some typing quirks that would probably make my high school typing teacher apoplectic, like never using the right shift, alt or control keys. I’ve also got my own quirky ways of using the mouse. I also like certain applications open in certain locations on my screen, and probably have a dozen more computing habits that could be monitored by software that would have a reasonable chance of identifying me as me.
But (there’s always a “but”)… I’m wary of anything that relies on physical biometrics, even if they are behavioral, due to issues with accessibility. Some medical conditions create physical limitations that are not consistent from one day to the next. People with arthritis or who have suffered from a stroke may have good days and bad days – sometimes the digital dexterity is there, sometimes it’s not.
They also may look, according to the program site, at “how the user crafts written language in an e-mail or document.” I’d be very interested in seeing how this one fares in empirical testing. I don’t know about you, but my writing style adapts to my audience. Voice (active or passive), vocabulary, reading comprehension level… it all changes.
I must say, though, that I’m looking forward to what they come up with. Passwords can be guessed, cracked, or beaten out of us, tokens can be stolen, and the Mythbusters were able to fool fingerprint scanners with some special effects tricks.
I wonder how it will fare against identical twins….or method actors.