Individuals subconsciously use their mouse and keyboard in predictable ways and these behaviours can reliably identify them, experts believe. (Agencies)
Examples of these actions include how quickly a user selects buttons that pop up on screen, how long they hover over menus, how fast they move the mouse and whether they scroll using the cursor keys, the scroll bar or the mouse wheel.
"We don't need to find behaviours unique to each person on the planet," said Neil Costigan, CEO of Behaviosec in Lulea, Sweden.
"We just need enough of a spread of behaviours to verify that someone is who they say they are. We look at the behaviour to see if it matches that person's previous behaviour," Costigan was quoted as saying.
Companies are already beginning to implement this technology. In US, IBM is starting to deploy the technique in online security software it sells to banks.
IBM's system monitors behaviour only after a person has logged in using their password. This can prevent a fraudster making transactions, pretending to be an authenticated user who has, for example, gone to make coffee without logging out.
When behaviours are detected that are out of character, the software will ask them to log in again with some extra security questions. A software by Biocatch, a firm based in Tel Aviv, Israel, presents people with what it calls subconscious ‘challenges’ that garner distinctive responses.
For instance, the software makes the cursor disappear for a few seconds and the type of mouse motion people use to recover it; clockwise, anticlockwise, large arc, small arc is recorded.
Uri Rivner of Biocatch said that by building a model of how individuals respond to these challenges, and then monitoring actions while banking or shopping online, the software can tell within a few keystrokes if the user is the same person who originally logged in.
Individuals subconsciously use their mouse and keyboard in predictable ways and these behaviours can reliably identify them, experts believe.