Keystroke fingerprinting - using Javascript to *enhance* security

[narcvs]

Traditionally, authentication is done with a subset of four different identifiers. They're usually said to be

- Something you know (username, password) - Something you have (key, passport) - Something you are (finger print, retina scan) - Something you do (signature, speech recognition) [wikipedia] On the web, we're very familiar with the "things we know" - practically all web logins depends on usernames and passwords. For a higher level, e.g. for online banking, there are often certificates involved. Unfortunately we don't have the technology to do biological identification online (at least not for the common user).

Fingerprint exploits "something you do" to take measure how you type your password.

Automatically injected into the form and passed along to the server.