An empirical analysis of keystroke dynamics in passwords: A longitudinal study
Abstract The use of keystroke timings as a behavioural biometric in fixed‐text authentication mechanisms has been extensively studied. Previous research has investigated in isolation the effect of password length, character substitution, and participant repetition. These studies have used publicly a...
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Hindawi-IET
2023-01-01
|
Series: | IET Biometrics |
Online Access: | https://doi.org/10.1049/bme2.12087 |
_version_ | 1797422216837595136 |
---|---|
author | Simon Parkinson Saad Khan Alexandru‐Mihai Badea Andrew Crampton Na Liu Qing Xu |
author_facet | Simon Parkinson Saad Khan Alexandru‐Mihai Badea Andrew Crampton Na Liu Qing Xu |
author_sort | Simon Parkinson |
collection | DOAJ |
description | Abstract The use of keystroke timings as a behavioural biometric in fixed‐text authentication mechanisms has been extensively studied. Previous research has investigated in isolation the effect of password length, character substitution, and participant repetition. These studies have used publicly available datasets, containing a small number of passwords with timings acquired from different experiments. Multiple experiments have also used the participant's first and last name as the password; however, this is not realistic of a password system. Not only is the user's name considered a weak password, but their familiarity with typing the phrase minimises variation in acquired samples as they become more familiar with the new password. Furthermore, no study has considered the combined impact of length, substitution, and repetition using the same participant pool. This is explored in this work, where the authors collected timings for 65 participants, when typing 40 passwords with varying characteristics, 4 times per week for 8 weeks. A total of 81,920 timing samples were processed using an instance‐based distance and threshold matching approach. Results of this study provide empirical insight into how a password policy should be created to maximise the accuracy of the biometric system when considering substitution type and longitudinal effects. |
first_indexed | 2024-03-09T07:29:02Z |
format | Article |
id | doaj.art-32f1a8e98c50410c88d4e9ff22412ea5 |
institution | Directory Open Access Journal |
issn | 2047-4938 2047-4946 |
language | English |
last_indexed | 2024-03-09T07:29:02Z |
publishDate | 2023-01-01 |
publisher | Hindawi-IET |
record_format | Article |
series | IET Biometrics |
spelling | doaj.art-32f1a8e98c50410c88d4e9ff22412ea52023-12-03T06:34:29ZengHindawi-IETIET Biometrics2047-49382047-49462023-01-01121253710.1049/bme2.12087An empirical analysis of keystroke dynamics in passwords: A longitudinal studySimon Parkinson0Saad Khan1Alexandru‐Mihai Badea2Andrew Crampton3Na Liu4Qing Xu5Department of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKDepartment of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKDepartment of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKDepartment of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKDepartment of Computer Science School of Computing and Engineering University of Huddersfield Huddersfield UKCollege of Intelligence and Computing Tianjin University Tianjin ChinaAbstract The use of keystroke timings as a behavioural biometric in fixed‐text authentication mechanisms has been extensively studied. Previous research has investigated in isolation the effect of password length, character substitution, and participant repetition. These studies have used publicly available datasets, containing a small number of passwords with timings acquired from different experiments. Multiple experiments have also used the participant's first and last name as the password; however, this is not realistic of a password system. Not only is the user's name considered a weak password, but their familiarity with typing the phrase minimises variation in acquired samples as they become more familiar with the new password. Furthermore, no study has considered the combined impact of length, substitution, and repetition using the same participant pool. This is explored in this work, where the authors collected timings for 65 participants, when typing 40 passwords with varying characteristics, 4 times per week for 8 weeks. A total of 81,920 timing samples were processed using an instance‐based distance and threshold matching approach. Results of this study provide empirical insight into how a password policy should be created to maximise the accuracy of the biometric system when considering substitution type and longitudinal effects.https://doi.org/10.1049/bme2.12087 |
spellingShingle | Simon Parkinson Saad Khan Alexandru‐Mihai Badea Andrew Crampton Na Liu Qing Xu An empirical analysis of keystroke dynamics in passwords: A longitudinal study IET Biometrics |
title | An empirical analysis of keystroke dynamics in passwords: A longitudinal study |
title_full | An empirical analysis of keystroke dynamics in passwords: A longitudinal study |
title_fullStr | An empirical analysis of keystroke dynamics in passwords: A longitudinal study |
title_full_unstemmed | An empirical analysis of keystroke dynamics in passwords: A longitudinal study |
title_short | An empirical analysis of keystroke dynamics in passwords: A longitudinal study |
title_sort | empirical analysis of keystroke dynamics in passwords a longitudinal study |
url | https://doi.org/10.1049/bme2.12087 |
work_keys_str_mv | AT simonparkinson anempiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT saadkhan anempiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT alexandrumihaibadea anempiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT andrewcrampton anempiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT naliu anempiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT qingxu anempiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT simonparkinson empiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT saadkhan empiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT alexandrumihaibadea empiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT andrewcrampton empiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT naliu empiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy AT qingxu empiricalanalysisofkeystrokedynamicsinpasswordsalongitudinalstudy |