
1 - 20 of 29 Posts

·
Banned
Joined
·
11,494 Posts
Discussion Starter #1
Had an idea (that someone else has probably had first knowing me) about keypad/board passwords.

Suppose that instead of just being about characters, they were about key force and inter-key timing. That way a password would be more unique, and even if someone hacks the password, they can't enter it in the same way as the individual whose password it is.
 

·
Registered
Joined
·
4,410 Posts
Yeah, somebody very senior in the security company I work for is developing something along this idea. It's a great idea though.
 

·
Registered
Joined
·
6,048 Posts
It's always disappointing when you have an idea and find you were beaten to it.

When I started programming at the age of about 12 I created a sort routine, and I thought it was brilliant and unique. It wasn't until years later when I got on the internet that I found not only was it not unique, but was widely used and had been around for about 30 years LOL. Still, I like to think I independently developed the bubble sort before I was even a teenager :)

Still, one should never stop trying :)
 

·
Premium Member
Joined
·
5,752 Posts
My father has a theory that you can't keep a good idea contained and that a good idea has "its time" to arrive. He thinks this is why similar technologies seem to appear all over the world at around the same sort of time, seemingly from individual development streams.

I am not sure I agree but I kind of like the thought.
 

·
Registered
Joined
·
6,048 Posts
> My father has a theory that you can't keep a good idea contained and that a good idea has "its time" to arrive. He thinks this is why similar technologies seem to appear all over the world at around the same sort of time, seemingly from individual development streams.
>
> I am not sure I agree but I kind of like the thought.

He is correct. There are a number of things that have been developed in several places at the same time; it's only going to get worse as the population increases, as more people are working on the same basic problems.

You get 2 or more populations with the same education and level of technology and give them 1 problem, they will all come up with similar solutions (especially if the solutions are limited or the problem sharply focused)

It happens a lot in nature too, it's not just a human thing.
 

·
Super Moderator
Joined
·
31,253 Posts
What about a device that uses a different cypher every time you use it? So, you type a letter, say "A", and it prints an "L", and the only way to know the cypher is to have the actual key for that day. It could have 4 wheels which roll over on each key press, meaning no two letters are represented by the same letter twice. That would definitely solve online security.
 

·
Registered
Joined
·
2,060 Posts
Or another way is just to have a unique code generator like what HSBC has for online banking and also Blizzard in their games (WoW, Starcraft and D3).

You have a device (or app) that generates a unique code as an additional check each time you log in. Extra step but worth the hassle.
 

·
Registered
Joined
·
1,049 Posts
Too many holes in that MIO, I use several devices each day to access my stuff and my typing is different on each one.

The best way would be to...

A) Set up a system where every time you log in to an account the IP and time are stored so you can access this info, so if someone does hack you, you will know straight away.
Most of the damage from hacking comes when the person has the info and has days/weeks/months to act on it. This could be an app or some kind of SMS delivery. Imagine I obtained your bank details now and logged into your account: your phone would beep telling you it's being logged into, with a button to disable it instantly. I would not get far.

B) The password was changed EVERY TIME you logged in and a new password was delivered to you via a dedicated device.

It would be more annoying and things would take a bit longer, but it would be worth it.

The whole backend of logging into sites is from the last century and needs a major overhaul.
Password reset etc., it's all flawed. People have gotten smarter and more devious, the security has not. But I suspect a lot of people want to keep it this way, a lot of jobsworths who are not keen on putting themselves out of employment.

Working with technology is one big squeeze. You're constantly under the threat of being replaced by a bit of software.
 

·
Registered
Joined
·
6,048 Posts
> Too many holes in that MIO, I use several devices each day to access my stuff and my typing is different on each one.

Not different enough, it would seem, otherwise it would never have got to the development stage it has.

I'm reasonably confident they will get it working. Look at the advances in similar technologies such as speech recognition and handwriting scanning, both of which accept inputs that vary wildly yet wouldn't take much to limit them to accept a narrow range of inputs that only 1 person can produce. Fingerprint scanners are also along those lines. The one I have works about 99% of the time on the first go.

If I get time I might run some studies of this myself, I'm slowly becoming intrigued by it.
 

·
Registered
Joined
·
1,049 Posts
> Not different enough, it would seem, otherwise it would never have got to the development stage it has.
>
> I'm reasonably confident they will get it working. Look at the advances in similar technologies such as speech recognition and handwriting scanning, both of which accept inputs that vary wildly yet wouldn't take much to limit them to accept a narrow range of inputs that only 1 person can produce. Fingerprint scanners are also along those lines. The one I have works about 99% of the time on the first go.
>
> If I get time I might run some studies of this myself, I'm slowly becoming intrigued by it.

Lots of things make it through development and turn out crap, especially when universities are given grant money to research all kinds of shite.
So for something to be IN DEVELOPMENT does not swing me one bit.

The handwriting example is not a great one because there is NO ROOM for mistakes or corrections in passwords because you'll get locked out of the account. Not to mention the algorithm is measuring your rate of speed. So any screw ups will count as a failed attempt as that's the whole point of it.

Secondly, passwords are usually around 8 characters long. If you're typing it in 100s of times a year, the chances are most people are going to be pretty proficient at typing it. You could knowingly type it in a different or rhythmic way, but then you have to remember this and this could get taxing when you have multiple accounts.

Lastly, most devices have built-in webcams and mics (especially as everything is going all smartphone). It would be VERY easy to capture the keystrokes and audio of how you type and convert that audio into a timeline, as I have done here by me typing in W W W . G T R . C O . U K

This is me typing GTR - Owners Club (I typed it different to my normal speed!)


That there is measuring the time I took, the delay in characters and most importantly the amplitude I use between characters, i.e. how hard I bang keys in relation to others. There are only a few parameters you could use to measure this stuff and I reckon I have captured some of the key ones there.

The two spikes represent a whistle of when I started and stopped.
If I had that audio, which is possible due to laptops/PCs and phones having mic in, I could easily extract a timeframe on how fast you type and simulate it perfectly.

I don't claim to be an expert in this, but I see SO MANY holes. It sounds to me like something that sounds big and clever in a lab environment, but in the real world, can't see it.

The best way is to simply ensure passwords are dynamic. That way, even if you hack someone, it's out of date by the time you use it. And if you hack them again, it will be out of date again, and with an SMS delivery of who is accessing your account at what time and from what IP, it would make things a real pain for hackers because even if they had your info, it would almost always be out of date.

All that is simple and easy to do and could be done tomorrow.
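
The inter-key timing check debated in the posts above, as an added example that is not any poster's code: it enrolls a typing profile and scores four attempts, including the same person on a second device and a played-back recording of a genuine entry. The scoring method (mean absolute z-score), the `min_sd` floor, the threshold and every timing value are assumptions constructed for illustration.

```python
from statistics import mean, stdev

def gaps(press_ms):
    """Inter-key intervals (ms) from key-press timestamps."""
    return [b - a for a, b in zip(press_ms, press_ms[1:])]

def enroll(samples, min_sd=10.0):
    """Per-gap (mean, spread) from several typings of the same password.
    min_sd floors the spread so a very consistent typist is not rejected
    over a few milliseconds of jitter."""
    columns = zip(*(gaps(s) for s in samples))
    return [(mean(c), max(stdev(c), min_sd)) for c in columns]

def score(profile, attempt_ms):
    """Mean absolute z-score of the attempt's gaps; lower is a closer match."""
    g = gaps(attempt_ms)
    if len(g) != len(profile):
        return float("inf")
    return mean(abs(x - m) / sd for x, (m, sd) in zip(g, profile))

def verify(profile, attempt_ms, threshold=2.0):
    """Accept the attempt only if its rhythm is close to the enrolled one."""
    return score(profile, attempt_ms) <= threshold

# Constructed sample data: key-press times in ms for a 5-key password.
ENROLLMENT = [
    [0, 120, 260, 370, 520],
    [0, 130, 265, 380, 525],
    [0, 115, 260, 365, 520],
    [0, 125, 265, 375, 525],
]
PROFILE = enroll(ENROLLMENT)

SAME_USER_DESKTOP = [0, 118, 262, 370, 524]
SAME_USER_PHONE = [0, 180, 390, 560, 790]  # same person, slower on a touchscreen
OTHER_PERSON = [0, 90, 300, 380, 450]      # knows the characters, not the rhythm
RECORDED_TIMING = list(SAME_USER_DESKTOP)  # genuine timing captured once, played back

if __name__ == "__main__":
    attempts = [("desktop", SAME_USER_DESKTOP), ("phone", SAME_USER_PHONE),
                ("other person", OTHER_PERSON), ("recorded", RECORDED_TIMING)]
    for name, attempt in attempts:
        print(f"{name:13s} score={score(PROFILE, attempt):5.2f} "
              f"accepted={verify(PROFILE, attempt)}")
```

Raising the threshold far enough to accept the phone attempt (7.0 with this data) also accepts the other person's attempt, and the played-back timing passes at any threshold the genuine user passes, so the timing only helps as one signal alongside a secret that changes.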
 

·
Banned
Joined
·
11,494 Posts
Discussion Starter #18
> What about a device that uses a different cypher every time you use it? So, you type a letter, say "A", and it prints an "L", and the only way to know the cypher is to have the actual key for that day. It could have 4 wheels which roll over on each key press, meaning no two letters are represented by the same letter twice. That would definitely solve online security.

Companies commonly use a similar thing with a changing number held on a key-ring device, but the system changing that number could be hacked too.
 

·
Banned
Joined
·
11,494 Posts
Discussion Starter #19
> The handwriting example is not a great one because there is NO ROOM for mistakes or corrections in passwords because you'll get locked out of the account. Not to mention the algorithm is measuring your rate of speed. So any screw ups will count as a failed attempt as that's the whole point of it.

There are actually specialist machines for duplicating signatures.
 

·
Registered
Joined
·
6,048 Posts
> Lots of things make it through development and turn out crap, especially when universities are given grant money to research all kinds of shite.

Yea, you see, I was talking about proper programmers. I have seen university stuff and it's generally similar to the code I used to write when I was in my very early teens. Hopefully somebody capable will have a crack at it, which is even more likely if there is money to be made.
 