I'm somewhat reluctant regarding biometrics. There are some good reasons that biometrics still are a niche approach: The need for specialized hardware, the aversion of users against some biometric approaches like fingerprints, the discussion about potential security weaknesses for example around fingerprints, the intrusiveness to the user experience, and more...

However, there is one approach I find interesting: Keystroke Biometrics. The German vendor Psylock provides several solutions based on what they call keystroke biometrics. The user has to train the system a little. I had to enter 11 sentences, which took me less than 2 minutes. OK, I'm typing pretty fast, but it probably never will take more than 3-4 minutes to train the system. To authenticate, a sentence has to be entered. The system analyzes the way a user types in the sentence and compares it to the stored values. I've tried to change my way of typing a little (slower, with breaks,...) - and wasn't identified. When I typed as usual, I was always identified successfully.

For sure there will be some more false negatives/false positives depending on the configuration. But overall, it is a simple approach. It is based on the rhythm of typing which appears to be unique. And: You don't need special hardware, because every user has a keyboard. At least if you don't use an iPad or another tablet. And even there you might use that technology because you can type with your fingers on the screen. However, that would mean to have two identities - for the tablet and for a system with a real keyboard.

From my perspective, this approach is interesting to either add another factor to authentication or to use it for password resets instead of questions and other approaches. It is simple to use and to implement. From my perspective it is one of the most appealing approaches in biometrics, because it is easy to use, requires no additional hardware, and it is intuitive.

EIC 2011 and Cloud 2011 - Munich, 10-13 May 2011