Well actually something like this should be possible with this technique, although it would need to be a build in functionality.
A good system has a way to update the template, so this does not need to be a problem!
All biometric systems (and other authentication systems) need some kind of back up solution, so also this one! Same questions would have been "what if I hurt my head and cannot remember the password"
In any case it will be better than "just a PW". All the attacks for which this new system is vulnerable also hold for the usual username/password systems. But as you say, it will protect against some attacks like shouldersurfing. But as long as we have no details, we cannot comment on it.
Already patents out for some years on this topic as well as commercial products. Nothing new, at least not as long as the document on what they did is not freely available. Hiding some information does not make it better.
No, there will not be added complexity for the user. The system will record how you type and you can type in your normal manner. Actually reduced complexity as you can now use the same password everywhere because it is proven that your way of typing cannot be copied, so it does not matter if people know your password. This also means that the information actually does not need to be encrypted, as you need to have for a normal password. It is only adding extra security.
2000 is certainly too early, but 2007 might be a good estimate when people started saying that this would be a nice application for mobile phones. However there is a distinct difference between saying it and actually doing it!
As one of the authors I do agree with you that 20% EER is not the best. Since submitting this article we already went down to 10%. On gait with normal accelerometers (so not the low quality ones in the phones) we even get down to 1.5%. Still not as good as fingerprint, but on the other hand, it is unobtrusive. If you hurt your leg permanently, then just make a new reference template. If it is just temporary, then you need to realize that this gait recognition is just an extra security measure, so you no longer need to lock your phone every time you stop using it. You principally do this because you do not want a third person to have access. With gait recognition, the phone uses the gait to recognize this third person by a different gait and will lock it then for you. A sensible implementation would unlock the phone if normal gait is detected from the correct person, but also by using a normal PIN mechanism.
The article just explains an extra technique to secure a mobile phone. The way to implement this can be done in various ways. If the gait recognition system locks a mobile phone due to "wrong" walking, then by no means you have to "walk normally" to open it up again. The unlocking mechanism can be a normal PIN code mechanism. So no reason to throw around phones if you would now use a PIN code already.
PatrickBours writes: What is your favorite star: