Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Is biometric behavioural profiling really that more secure?

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

July 28, 2015

Click here to order the best deal on a HP enterprise dedicated server and at a great price.

Internet security researchers have developed a new browser extension that supposedly defeats biometrics based on typing patterns, with the exercise designed to promote greater awareness about the emerging technology and the privacy risk it could pose to web surfers.

Overall, biometric behavioral profiling allows a site to collect metadata about how a person types, rather than just what they type.

When you type your username and password, the site can see how long it takes to type it, including how long each key is depressed (the so-called dwell time) and how long it takes to move from one key to another (called the gap time).

On average, some sites are moving beyond simple password/ID logins towards multi-factor solutions in an effort to greatly improve the overall security of the website.

As could be expected, this can happen to the detriment of the user experience, particularly when it comes to continuous authentication/behavioural biometrics, according to Per Thorsheim, founder of PasswordsCon and independent IT security consultant Paul Moore.

Profiling technologies from companies such as BehavioSec and KeyTrac can improve security when added to a banking site, where they offer the potential to lower potential fraud.

But the utilization of the technologies elsewhere comes at the expense of privacy, according to the two security researchers.

For now, it's still unclear how many websites use biometrics based on typing patterns or, if they did, whether or not they inform users about their practices in this segment of the industry.

"You can forget Tor, a VPN and your favourite proxy site," Moore explained. "If you have JavaScript enabled and you've been profiled, there's a very good chance they'll identify you. The issue is, do you really know when you're being profiled?"

If a site is using biometric behavioural profiling, then this has deeper consequences than simply obliging users to change their passwords, Moore added.

"If your biometric behavioural profile is shared or stolen, the consequences are far-reaching and considerably more difficult to mitigate," he added.

"You can't change the way you type and even if you did, they'll simply profile you again until the confidence level reaches acceptable limits," he went on to say.

And just shielding web connections behind a proxy (such as a VPN) isn't effective against this type of technology either, which can identify users with an overall accuracy approaching 90 percent-- that's quite high by any standard.

Thorsheim's blog post explaining the privacy pitfalls of behavioral profiling can be found on the web.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer