It sounds great and much more protective than passwords. You can't copy/imitate behaviors.
However, I am wondering if the system still works if you are tired or sick. Your behavior might change in this case and therefore the system would not recognise you.
I think you misunderstood the intention of this feature. The goal is to identify and/or profile users that themselves use just a regular log-in. This can be then used to improve targeted marketing, selling that information to third-parties for example.
Note how the article mentions that the gender can be determined after a few keystrokes, even though the user never entered that specific information. This is certainly not the only metric that can be identified. The point of the article is to develop a solution to prevent leakage of private/personal information.
> Note how the article mentions that the gender can be determined after a few keystrokes, even though the user never entered that specific information.
Research got median 88% accuracy testing subsets of 98 males and 35 females.
Note that I got 74% accuracy on that data set by guessing male, male, male, male, male...
The original researcher knows in advance what the ratio is, yes, that's my point. I'm illustrating that the research is not very good. They couldn't even identify women to take part in the study. Given the numbers involved, it certainly isn't Facebook-ready.
In general, I don't believe it is possible to distinguish male and female typing patterns.
What you might be recognising is how people learned to type combined with the size of their hands - that might partly but not exactly break along gender lines. Bucketing people on that basis is just a recipe for awkwardness.
Fabricating facts and using ad-hominem is not a very good way of backing up your arguments.
Quote from the paper:
We use the public GREYC keystroke benchmark database for this work. It is one of the largest databases (in term of number of users and sessions) in keystroke dynamics. To out knowledge, no existing database contains more individuals. In order to reduce the bias due to this high quantity of male information, we only kept the first n male samples( where n is the number of female samples).
( Don't bother with your response, I won't be reading it. )
>We use the public GREYC keystroke benchmark database
Yes. That's their own database which they're talking up, the one that they made to do this research. That's what I was talking about.
>In order to reduce the bias due to this high quantity of male information, we only kept the first n male samples( where n is the number of female samples).
It happens that I didn't read this part.
On reflection, what I understand now is far worse than what I originally understood:
- They have 35 females and 98 males, they take many handwriting samples from each.
- Since the participants provided many samples, these samples appear both in the training set data and in the test set data.
- I use the training set data to figure out if I can recognise the handwriting of the 35 female participants.
- Then I look through the test data to see if I can identify those participants again.
Basically what you've shown is you can identify the handwriting of 35 people if you've already seen it - 88% of the time.
Splitting groups into 'female' and 'male' is a red herring. This method would presumably work, even if I split them into two random groups.
That's the first thing I thought of, tired or sick. Or how many times I've used one hand to type in my password because I had a drink or food in my other.
How would mobile work with this? Sometimes I use both fingers, sometimes just my thumb on one hand. Would it just create multiple behavior profiles for me that are accepted?
In combination of the right password and the behavior match, it seems like this would actually be pretty strong. I'm looking forward to trying to break it tomorrow with a friend.
