A New Approach for Textual Password Hardening Using Keystroke Latency Times

Abstract

Textual passwords are still widely used as an authentication mechanism. This paper addresses the problem of textual password hardening and proposes a mechanism to make textual passwords harder to be used by unauthorized persons. The mechanismintroduces time gaps between keystrokes (latency times) that would add a second protection line to the password. Latency times are converted into discrete representation (symbols) where the sequence of these symbols is added to the password. For accessing system, an authorized person needs to type his/her password with a certain rhythm. This rhythm is recorded at the sign-up time.This work is an extension to a previous work that elaborates more on the local approach of discretizing time gaps between every two consecutive keystrokes. In addition, more experimental settings and results are provided and analyzed. The local approach considers the keying pattern of each user to discretize latency times. The average, median and min-max are tested thoroughly.Two experimental settings are considered here: laboratory and real-world. The lab setting includes students studying information technology while the other group are not. On the other hand, information technology professional individuals participated in the real-world experiment. The results recommend using the local threshold approach over the global one. In addition, the average method performs better than the other methods. Finally, the experimental results of the real-world setting support using the proposed password hardening mechanism.