My First Metal Album

For anyone those who hasn’t heard about it, there’s a really cool new
product out by the name of BioPassword. The product does
two-factor authentication
in a very unique way. Rather than rely on a token or smart card (something
that you need to authenticate and can be lost or broken), the system takes
its second factor the user’s typing rhythm.

So the keyboard you type on every day is all that’s needed. Nothing to lose
or break. As you type it records how long you spend on each key, how long it
takes you to move between keys, etc. It keeps that information in your user
template in Active Directory, and when someone tries to log in it compares
his/her typing rhythm to that of the template for that user (for both the
username and password fields).

Impact

The punchline is that you can pretty much give someone else your username
and password and they still won’t be able to login as you. In fact this is
precisely what I do for demonstrations of the product; I create a username
of my first name and use my email address as my password. I even write them
both down on an index card for people to read as they type. I then lay down
$50 cash and offer it to the first person to login.

I’ve not yet lost the money.

If you’re into security at all you should check it out. It’s not flawless
(yet?), but it’s an incredibly powerful two-factor authentication solution
that virtually negates the administrative overhead associated with these
solutions. You essentially get two-factor authentication without the added
annoyance of managing an authentication server, handling token distribution,
or dealing with users that can’t properly use (or keep control of) their
tokens/smart cards.

[Note: I’m not affiliated with the company, but I am a security consultant
who recommends the solution to clients.]