5 votes
Assume that as users gain more experience typing the same text string, they become faster. Assume Bob is a slow user but his password typing pattern gradually changes and he becomes fast after a sufficient number of successful logins. If consecutive timing measurements are very close (i.e., gradual change), does the password hardening algorithm adapt to this slow change of timing values and allow Bob to log into the system on each request? If an attacker has knowledge of such user typing behavior, what time is better for the attacker to target Bob's account?

1 Answer

7 votes

Final answer:

A sophisticated password hardening algorithm can adapt to gradual changes in a user's typing speed, and a potential attacker would likely target the user's account when the typing pattern is predictable and the user is less vigilant.

Step-by-step explanation:

The question is asking whether a password hardening algorithm can adapt to a user's gradually increasing speed of typing their password, in this case, a user named Bob. Password hardening systems that utilize keystroke dynamics can potentially adjust to gradual changes in typing patterns. If Bob's typing speed changes slowly over time, a sophisticated system could indeed update its profile of Bob's typing pattern to allow him access. However, if the changes are abrupt or fall outside of the learned profile, Bob might encounter difficulties logging in.

If an attacker is aware of Bob's behavior, the best time to target would be when Bob's typing pattern is most predictable and stable. The attacker may attempt to mimic Bob's typing pattern after having observed it over time or may strike when Bob is less likely to be alert in detecting unauthorized access attempts.

by User EmJ (7.9k points)
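The adaptation question can be checked with a small simulation. This is an added example, not part of the question or the answer: it assumes a threshold-based scheme modeled on Monrose, Reiter and Wetzel's keystroke-dynamics password hardening, reduced to a single timing feature and a plain accept/reject decision. The threshold `T_MS`, history length `H`, factor `k` and all timings are constructed values.

```python
from collections import deque
from statistics import mean, pstdev

T_MS = 120.0   # assumed per-feature threshold t (ms)
H = 8          # assumed history length h (last successful logins)

def classify(history, k, t=T_MS, h=H):
    """Return 'slow', 'fast', or None (non-distinguishing) for one feature."""
    if len(history) < h:          # profile not trained yet: nothing distinguishes
        return None
    mu, sigma = mean(history), pstdev(history)
    if mu - k * sigma > t:        # consistently above the threshold
        return "slow"
    if mu + k * sigma < t:        # consistently below the threshold
        return "fast"
    return None                   # straddles t: either side is accepted

def simulate(samples, k, t=T_MS, h=H, history=()):
    """Replay login timings; return [(state_before_login, accepted), ...]."""
    window = deque(history, maxlen=h)
    log = []
    for s in samples:
        state = classify(window, k, t, h)
        side = "fast" if s < t else "slow"
        ok = state is None or state == side
        if ok:                    # only successful logins update the history
            window.append(s)
        log.append((state, ok))
    return log

def summary(log):
    """Count accepted logins and how the feature was classified at each login."""
    states = [st for st, _ in log]
    return {"accepted": sum(ok for _, ok in log),
            "slow": states.count("slow"),
            "fast": states.count("fast"),
            "non_distinguishing": states.count(None)}

# Constructed data: Bob drifts from 180 ms down to 60 ms, 2 ms per login.
GRADUAL = [180 - 2 * i for i in range(61)]

if __name__ == "__main__":
    print("k=2 gradual:", summary(simulate(GRADUAL, k=2)))
    print("k=1 gradual:", summary(simulate(GRADUAL, k=1)))
    print("abrupt     :", simulate([60], k=2, history=[180] * H))
```

With `k=2` every login in the constructed drift is accepted, because the feature turns non-distinguishing before Bob's samples cross `t`. With `k=1` the window still classifies the feature as slow when his sample first drops below `t`, so that login and all later ones fail.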