Password policy characteristics and keystroke biometric authentication
Abstract Behavioural biometrics have the potential to provide an additional or alternative authentication mechanism to those involving a shared secret (i.e. a password). Keystroke timings are the focus of this study, where key press and release timings are acquired whilst monitoring a user typing a...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2021-03-01
|
| Series: | IET Biometrics |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/bme2.12017 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850175754704257024 |
|---|---|
| author | Simon Parkinson Saad Khan Andrew Crampton Qing Xu Weizhi Xie Na Liu Kyle Dakin |
| author_facet | Simon Parkinson Saad Khan Andrew Crampton Qing Xu Weizhi Xie Na Liu Kyle Dakin |
| author_sort | Simon Parkinson |
| collection | DOAJ |
| description | Abstract Behavioural biometrics have the potential to provide an additional or alternative authentication mechanism to those involving a shared secret (i.e. a password). Keystroke timings are the focus of this study, where key press and release timings are acquired whilst monitoring a user typing a known phrase. Many studies exist in keystroke biometrics, but there is an absence of literature aiming to understand the relationship between characteristics of password policies and the potential of keystroke biometrics. Furthermore, benchmark datasets used in keystroke biometric research do not enable useful insights into the relationship between their capability and password policy. Herein, substitutions of uppercase, numeric, special characters, and their combination of passwords derived from English words are considered. Timings for 42 participants for the same 40 passwords are acquired. A matching system using the Manhattan distance measure with seven different feature sets is implemented, culminating in an Equal Error Rate of between 6% and 11% and accuracy values between 89% and 94%, demonstrating comparable accuracy to other threshold‐based systems. Further analysis suggests that the best feature sets are those containing all timings and trigraph press to press. Evidence also suggests that phrases containing fewer characters have greater accuracy, except for those with special character substitutions. |
| format | Article |
| id | doaj-art-c147c99594eb484b8db7d002bee13e1d |
| institution | OA Journals |
| issn | 2047-4938 2047-4946 |
| language | English |
| publishDate | 2021-03-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Biometrics |
| spelling | doaj-art-c147c99594eb484b8db7d002bee13e1d2025-08-20T02:19:23ZengWileyIET Biometrics2047-49382047-49462021-03-0110216317810.1049/bme2.12017Password policy characteristics and keystroke biometric authenticationSimon Parkinson0Saad Khan1Andrew Crampton2Qing Xu3Weizhi Xie4Na Liu5Kyle Dakin6Department of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKDepartment of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKDepartment of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKCollege of Intelligence and Computing Computer Science and Technology Tianjin University Tianjin ChinaDepartment of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKDepartment of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKDepartment of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKAbstract Behavioural biometrics have the potential to provide an additional or alternative authentication mechanism to those involving a shared secret (i.e. a password). Keystroke timings are the focus of this study, where key press and release timings are acquired whilst monitoring a user typing a known phrase. Many studies exist in keystroke biometrics, but there is an absence of literature aiming to understand the relationship between characteristics of password policies and the potential of keystroke biometrics. Furthermore, benchmark datasets used in keystroke biometric research do not enable useful insights into the relationship between their capability and password policy. Herein, substitutions of uppercase, numeric, special characters, and their combination of passwords derived from English words are considered. Timings for 42 participants for the same 40 passwords are acquired. A matching system using the Manhattan distance measure with seven different feature sets is implemented, culminating in an Equal Error Rate of between 6% and 11% and accuracy values between 89% and 94%, demonstrating comparable accuracy to other threshold‐based systems. Further analysis suggests that the best feature sets are those containing all timings and trigraph press to press. Evidence also suggests that phrases containing fewer characters have greater accuracy, except for those with special character substitutions.https://doi.org/10.1049/bme2.12017authorisationbiometrics (access control)human factorsmessage authenticationstring matching |
| spellingShingle | Simon Parkinson Saad Khan Andrew Crampton Qing Xu Weizhi Xie Na Liu Kyle Dakin Password policy characteristics and keystroke biometric authentication IET Biometrics authorisation biometrics (access control) human factors message authentication string matching |
| title | Password policy characteristics and keystroke biometric authentication |
| title_full | Password policy characteristics and keystroke biometric authentication |
| title_fullStr | Password policy characteristics and keystroke biometric authentication |
| title_full_unstemmed | Password policy characteristics and keystroke biometric authentication |
| title_short | Password policy characteristics and keystroke biometric authentication |
| title_sort | password policy characteristics and keystroke biometric authentication |
| topic | authorisation biometrics (access control) human factors message authentication string matching |
| url | https://doi.org/10.1049/bme2.12017 |
| work_keys_str_mv | AT simonparkinson passwordpolicycharacteristicsandkeystrokebiometricauthentication AT saadkhan passwordpolicycharacteristicsandkeystrokebiometricauthentication AT andrewcrampton passwordpolicycharacteristicsandkeystrokebiometricauthentication AT qingxu passwordpolicycharacteristicsandkeystrokebiometricauthentication AT weizhixie passwordpolicycharacteristicsandkeystrokebiometricauthentication AT naliu passwordpolicycharacteristicsandkeystrokebiometricauthentication AT kyledakin passwordpolicycharacteristicsandkeystrokebiometricauthentication |