A New Approach for Textual Password Hardening Using Keystroke Latency Times

Khalid Mansour¹ and Khaled Mahmoud^2
1Faculty of Information Technology, Zarqa University, Jordan

²King Hussein School of Computing Sciences, Princess Sumaya University for Technology, Jordan

Abstract: Textual passwords are still widely used as an authentication mechanism. This paper addresses the problem of textual password hardening and proposes a mechanism to make textual passwords harder to be used by unauthorized persons. The mechanism introduces time gaps between keystrokes (latency times) that would add a second protection line to the password. Latency times are converted into discrete representation (symbols) where the sequence of these symbols is added to the password. For accessing system, an authorized person needs to type his/her password with a certain rhythm. This rhythm is recorded at the sign-up time.This work is an extension to a previous work that elaborates more on the local approach of discretizing time gaps between every two consecutive keystrokes. In addition, more experimental settings and results are provided and analyzed. The local approach considers the keying pattern of each user to discretize latency times. The average, median and min-max are tested thoroughly.Two experimental settings are considered here: laboratory and real-world. The lab setting includes students studying information technology while the other group are not. On the other hand, information technology professional individuals participated in the real-world experiment. The results recommend using the local threshold approach over the global one. In addition, the average method performs better than the other methods. Finally, the experimental results of the real-world setting support using the proposed password hardening mechanism.

Keywords: Textual password, password hardening, latency time, keying pattern, discretization.

Received April 26, 2020; accepted November 18, 2020