We collected typing data from 200 subjects, each typing 10 repetitions of a password for a total of 2000 password-typing samples. The flight time was extracted from the raw data.
The first step in our evaluation was to collect a sample of keystroke-timing data. In next section, we explain how we chose the password for data collection, designed a data-collection apparatus, and extracted a set of password-timing features.
D. Choosing a password
Users were encouraged to use a strong and non-obvious password. The length of the password allowed for the application is between 8 to 20 characters. A strong and non-obvious password is chosen, which contains the standard requirement of password. A strong password has a minimum of with eight characters and the characters constitute of an upper case, lower case, numerals, and special characters. The password also contains at least four unique characters and each character has not been repeated more than four times consecutively.
E. …show more content…
Data-collection apparatus
We set up a laptop with an external QWERTY keyboard to collect data. The environment is set as consistent as possible for all subjects. During enrolment, the user must type the same password 10 times. If any errors in the sequence are detected, the subject is prompted to retype the password. Whenever the subject presses or releases a key, the application records the event (i.e., keydown or keyup), the name of the key involved, and what time the event occurred. The flight time was calculated from the data captured.
F. Pre-Processing
The data collected contains much unnecessary information. Z-Score normalization method is being used to remove the unnecessary information. Given a set of matching scores the normalized scores are given by (1) where μ is the arithmetic mean and σ is the standard deviation of the given