Net Nanny Enhances Password Security

LAS VEGAS -- A new security software program turns a user’s typing rhythm into a digital signature. Officials with Net Nanny Software International Inc. (www.biopassword.com), which is developing the product, say the software identifies users as surely as expensive, hardware-based biometric security solutions, such as fingerprint readers.

The Vancouver, British Columbia, company demonstrated BioPassword LogOn for Windows NT at Comdex Fall in November. The product is entering beta testing and is expected to be available via download from the Web in the first quarter of 1999, says spokeswoman Nika Herford.

A user sets up a profile by typing a username and a password 15 times. The software measures the time between keystrokes, the time each finger dwells on each key and the overall typing time and saves a pattern. BioPassword then checks the digital profile every time a user logs on, providing an additional layer of security that makes even easily guessed passwords more difficult for crackers to exploit.

"What the research has found is everybody has a unique pattern," says Paul Higgins, a developer at Net Nanny. "We provide as good a protection as all the other systems, and we seem to be able to do it a lot cheaper because it’s all software."

In tests, only 2 percent of users who already knew the username and password could falsely gain access to the system, says Higgins. But this type of profiling security has its drawbacks. The tight parameters falsely reject 15 percent of legitimate attempts to log on. "Much of the time, I end up having to type it in two times because I started to think about it," Higgins says.

Herford acknowledges that Net Nanny, with 25 employees, faces a challenge in bringing market recognition to its technology, but she says the company has some standing in the market with its content monitoring software. Net Nanny’s ambitions include the small office, e-commerce and enterprise security markets. "We’re hoping for Intel Inside-type branding, a Web site logo at e-commerce sites," Herford says.

Ira Machefsky, now an analyst with the venture capital firm Odeon Capital (New York), was briefed by the company shortly before he left the market research firm Giga Information Group (www.gigaweb.com) Machefsky says he was surprised the company held the technology, which it acquired in 1989 from a company that had failed in an attempt to sell it as a hardware solution.

"This is not an area that they’re known for," Machefsky says. "It could be hard for them from a sales and channel and market implementation point of view. But they’re not a complete unknown."

Machefsky believes the product could compete as an alternative to security token solutions, such as those offered by Security Dynamics Technologies Inc. (www.securitydynamics.com). BioPassword would likely be attractive to IT professionals who manage many remote-access users or for users who perform financial transactions over the Internet, he says. "It’s probably not for the casual user in the Internet market," Machefsky says. "But if you’re trading online, it seems to me you might be willing to put up with typing in your password 15 times."