Here is a small security application I wrote about a year ago back in college, for UC Davis’ excellent Computer Security undergraduate class.
Keypass tries to make ordinary passwords “biometric”, using the key push timing (i.e., how long it takes to press one letter after another) as an identifier unique to the user. The implementation works – it’s in no way bulletproof or optimal, of course. Included is a PAM module (in addition to the verify and train programs, and libkeypass) which will work in certain cases. PAM has limits in how the password information is captured – usually the password is captured before Keypass gets invoked (or in cases where Keypass does not have terminal access), so Keypass cannot time the keystrokes. It is known to work as a standard ‘login’ prompt though. SSH logins, even keyboard-interactive, are known not to work. For more details, see the included README.
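To make the train/verify idea concrete, here is an added sketch that is not taken from Keypass or libkeypass: it builds a per-gap timing profile from a few training entries and scores a later attempt against it. The `kp_*` names, the mean-absolute-deviation scoring, the 5 ms floor and the 2.0 threshold are all assumptions, and the timings are constructed.

```c
#include <stddef.h>

#define KP_MAX_GAPS 32   /* hypothetical cap: password length - 1 */
#define KP_MIN_DEV  5.0  /* ms floor so a very steady typist is not locked out by jitter */

struct kp_profile { size_t n; double mean[KP_MAX_GAPS], dev[KP_MAX_GAPS]; };

static double kp_abs(double x) { return x < 0 ? -x : x; }

/* Per-gap mean and mean absolute deviation from `rows` entries of `n` intervals (ms). */
int kp_train(struct kp_profile *p, const double *samples, size_t rows, size_t n)
{
    if (rows < 2 || n == 0 || n > KP_MAX_GAPS) return -1;
    p->n = n;
    for (size_t g = 0; g < n; g++) {
        double sum = 0.0, dev = 0.0;
        for (size_t r = 0; r < rows; r++) sum += samples[r * n + g];
        p->mean[g] = sum / (double)rows;
        for (size_t r = 0; r < rows; r++) dev += kp_abs(samples[r * n + g] - p->mean[g]);
        dev /= (double)rows;
        p->dev[g] = dev < KP_MIN_DEV ? KP_MIN_DEV : dev;
    }
    return 0;
}

/* Mean deviation-normalised distance of one attempt from the profile.
 * Returns -1.0 when the attempt has a different number of gaps. */
double kp_score(const struct kp_profile *p, const double *gaps, size_t n)
{
    double total = 0.0;
    if (n != p->n) return -1.0;
    for (size_t g = 0; g < n; g++) total += kp_abs(gaps[g] - p->mean[g]) / p->dev[g];
    return total / (double)n;
}

/* Rhythm check only: the caller must already have verified the password text. */
int kp_verify(const struct kp_profile *p, const double *gaps, size_t n, double limit)
{
    double s = kp_score(p, gaps, n);
    return s >= 0.0 && s <= limit;
}

/* Constructed sample data: three training entries of a 5-character password. */
static const double KP_TRAIN[3][4] = {{120, 95, 210, 140}, {130, 90, 200, 150}, {125, 100, 205, 145}};
static const double KP_OWNER[4] = {128, 93, 208, 142};  /* same rhythm */
static const double KP_OTHER[4] = {300, 250, 90, 400};  /* right text, different rhythm */

int main(void)
{
    struct kp_profile p;
    if (kp_train(&p, &KP_TRAIN[0][0], 3, 4) != 0) return 1;
    return !(kp_verify(&p, KP_OWNER, 4, 2.0) && !kp_verify(&p, KP_OTHER, 4, 2.0));
}
```

With so few training entries the deviation floor dominates, so the threshold decides how often the legitimate user is rejected versus how often someone else's rhythm is accepted.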
The license is LGPL 3. I would not suggest using the implementation as is – it can be enhanced greatly, beyond the limits of a few days of development – but instead use it as a starting point for other biometric password ideas.
Feedback is welcome.