We Got the Beat

I had a roommate in college who pounded furiously on his computer keyboard all night. Click, click, tap, tap, tap. Drove me crazy.

If I had been a true geek, though, I might have realized that the insufferable late-night clatter was actually a clue that's relevant in the realm of digital security. My roommate's beat was unique; had I typed the same words, it would have sounded different. "You can go back to the second World War," explains Peter McOwan, professor of computer science at Queen Mary, University of London. "People could tell who was sending Morse code because the pattern of dots and dashes had individual characteristics." Ditto for typing.

Now BioPassword, an Issaquah, Washington--based company, is offering a system that actually monitors keystroke patterns to verify identity. When you enter an ID and code, BioPassword's technology tracks how quickly your fingers strike the keys, linger over them, and find the next ones, adjusting over time to minute changes in your typing patterns. Artificial-intelligence software analyzes the scan to identify imposters who don't have the beat--so even if a phisher scores your login, he can't get in.

McOwan and his team at Queen Mary, meanwhile, are developing their own keystroke-based system--but theirs also analyzes signatures made from the movement of your computer mouse. It could be available within five years. Neither Queen Mary's nor BioPassword's technology is as accurate as finger or iris scanners, but they could be a lot less expensive. And unlike other security technologies such as smart cards and password tokens, there's nothing to lose or replace.

Which means my old roommate, with his distinctive keyboard riffs, should sleep soundly--when he's not keeping everyone else up.