I know who you are by how you type

[foxidrive]

I may have missed a detail but this seems to say that a website software can detect the way you type a login, and it knows who you are, and can target you with ads or track you etc.

That is a new twist for me... and there's a plugin to foil the detection.

Per Thorsheim, the founder of PasswordsCon, created and trained a biometric profile of his keystroke dynamics using the Tor browser at a demo site. He then switched over to Google Chrome and not using the Tor network, and the demo site correctly identified him when logging in and completing a demo financial transaction. Infosec consultant Paul Moore came up with a working solution to thwart this type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM. A Firefox version of the plugin is in the works.

 

[Megabyte]

but if he logged in of course it'd know who he was. Or have I got the wrong end of the stick?

 

[misi]

I may have missed a detail but this seems to say that a website software can detect the way you type a login, and it knows who you are, and can target you with ads or track you etc.

What about using a password manager?
It inserts the details automatically, cannot detect how you type a login.

 

[foxidrive]

but if he logged in of course it'd know who he was.

On re-reading, he had been using Tor for privacy and wasn't logged in to a site - and then when he went back and logged in the widget knew it had been him on the previous browser with security and where he wasn't logged in.

What about using a password manager?
It inserts the details automatically, cannot detect how you type a login.

Yes, I think that would work fine too.
I don't use a password manager here - have considered it but at present haven't done so.

 

[misi]

I don't use a password manager here - have considered it but at present haven't done so.

Do it, Foxi, it's a good thing.
You are using mainly FF, it has a good one with a master password.
I'm not using it, Norton's does a relatively good job.

 

[foxidrive]

Do it, Foxi, it's a good thing.

Yes, thanks for your opinion misi, I've thought of the benefits of a proper password manager which gives strong random passwords for sites, and logs you in automatically, and maintains the list in different ways for use on tablets, and phones etc.


Personally I don't use the same password on sites - I use a programming algorithm which I remember to give me different passwords on different sites, and I have the idea that it's fairly secure and that typing the passwords refreshes my memory of the algorithm every time.

I think also that it's ok when young and stupid and you have good memory recall, but I'm becoming old and forgetful as we all do, and one day I will swap over to a password manager.

 

[Guess]

I use LastPass... I forget easily !

 

[Megabyte]

I'm just stupid and have to reset my password on various sites all the time! At least then no-one can know what it is - when I don't know ;-)

Are password managers hackable?

 

[foxidrive]

At least then no-one can know what it is - when I don't know ;-)

Are password managers hackable?

One's that are based on your own computer are as secure as your computer is, but ones 'in the cloud' that store your passwords on a web server for you to use can, and have been, hacked.

The hack I read of revealed everyone's master password.

 

[foxidrive]

I use LastPass

D'oh!

http://it.slashdot.org/story/15/06/...ach-including-authentication-hashes-and-salts

 

[misi]

I use LastPass... I forget easily !

As long as you have Internet connection you can use your Norton.