Tech recognises typing patterns

Security company DRS has rolled out a biometric technology solution that renders stolen credentials as useless to cyber criminals.

DRS recently signed a deal with AuthenWare to distribute its patented technology in the sub-Saharan region.

The technology works by recognising the unique typing pattern of the authorised user when trying to gain access into a PC, laptop or mobile phone. AuthenWare looks for a strong correlation to the user's typing rhythm and speed when a person types in a username and password.

“Authenticating a user's identity via usernames and passwords are no longer good enough for enterprise security,” says Robert Brown, executive director for sales at security solutions and forensics company, DRS.

According to Brown, an impostor who has stolen a username and password will not be granted access to a system or an application, since the typing pattern will not resemble that of the valid user.

AuthenWare also uses keystroke dynamics and heuristics such as IP address, browser versions, and time of use to authenticate the user.

AuthenWare is certified by the International Biometric Group and helps organisations such as banks, governments and large financial organisations to protect private or corporate information from criminals masquerading as valid users.

According to Brown, AuthenWare bolsters regulatory compliance and complements existing security strategies.

“This is especially in light of the Protection of Personal Information Bill, which is expected to be enacted next year and will force organisations to apply stringent methods to protect confidential information,” says Brown.

Brown says the solution is suited to large financial institutions such as banks and government organisations that store large amounts of personal data. “The biggest user of AuthenWare is the Mexican Revenue Authority, which currently has 35 million users.”

Brown points out: “In security, nothing is completely guaranteed, but organisations can put a combination of systems in place to make it more difficult for cyber criminals to gain access to sensitive information.”

He adds: “Passwords no longer have to be complicated because even if someone steals the user's credentials, the system will not recognise the typing pattern of the impostor and will deny the person access to the system or application.”

A user gets three chances to type in a password and if the AuthenWare does not detect the correct typing pattern, it immediately denies the user access and shuts down the system.

According to Brown, the pattern can be set to adapt to slight changes in typing behaviour, such as those caused by medication, injury or fatigue.

AthenWare solution can also be integrated into mobile devices such as the iPad, iPhone and netbooks and smartphones.

Brown explains that credential theft is the biggest security threat found in fraud today. He says that the majority of corporate passwords are acquired by keyloggers.

He adds that even Internet banking is not impervious to cyber attacks. Brown says a criminal would simply need to steal a user's credentials mobile phone to gain access to the one-time passwords.

Research by law firm Edward Nathan Sonnenbergs, found that corporate SA is losing an estimated R150 billion annually to insider fraud. And around 62% of economic crimes in South African businesses were committed by insiders.

In a previous story, ITWeb reported that the 2010 SAPS crime statistics show that a total of 84 842 white-collar crime cases were reported between April and March 2009/10, marking a 56% increase from 2006.

According to Imperva's CTO, Amichai Shulman, employees using the same passwords on Facebook as they also use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like '123456'.