Secure your small business:
Apps → Data →

Can a determined attacker capture and replay user activity to defeat Plurilock™ authentication?

Practically speaking, no. While in theory the capture and replay of user activity is possible, as a real-world task such an attack would be prohibitively complex to achieve, for multiple compounding reasons.

First, Plurilock user profiles evolve over time as users’ movement patterns evolve, meaning that captured data is only temporarily valid. Next, any capture attempt must detect low-level press, release, timing, and acceleration data, not merely the content of keystrokes or the positions of clicks, and the ability to capture this data implies an already severely compromised system.

Finally, even if somehow successfully captured and prepared for reuse in time, replay requires the replication of timing and movement patterns at a low enough level to fool the Plurilock agent(s), which likely involves a dedicated hardware attack solution—for example, simulated USB HID device(s) able to reproduce these timing and movement patterns seamlessly and faithfully.

Though in theory these things might be possible with sufficient time, skill, and resources, a successful Plurilock attack is significantly more difficult to achieve than—for example—an attack involving the theft of OTP codes delivered via SMS, which is trivial by comparison.

2FA/MFA Rapid Reference

Authentication at a glance

Download the 2FA/MFA Rapid Reference now:

  • 2FA and MFA basics and common solutions
  • The benefits and drawbacks of each
  • Glossary of authentication terms

 

2FA/MFA Rapid Reference

  • 2FA and MFA basics and common solutions
  • The benefits and drawbacks of each
  • Glossary of authentication terms
Save PDF  

Downloadable References

PDF
Sample, shareable addition for employee handbook or company policy library to provide governance for employee AI use.
PDF
Generative AI is exploding, but workplace governance is lagging. Use this whitepaper to help implement guardrails.
PDF
Cheat sheet for basics to stay secure, their ideal deployment order, and steps to take in case of a breach.
PDF
Real-time, continuous authentication using behavioral biometrics and machine learning.
 
 
 
 
 

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.