It is a great idea if the keyboard input can be used as authentication. It is convenient, inconspicuous and at best calibrated so that only the rightful person has access.
But this project is by no means as simple as it sounds at first glance. TypingDNA, an approximately four-year-old startup, is taking on exactly that. Only recently, the company moved its headquarters to Brooklyn, New York. Now, a financial support of about 7 million USD will benefit the young company.
It’s about an AI controlled technology that recognizes people by their typing behavior
In the end it’s all about keyboard input. This activity is, even if it doesn’t look like it at first glance, a rather individual matter. If everyone had the same way of typing, it would be a very bad feature for authentication.
However, the idea of using people’s typing behavior for authentication is not new. The first approaches go back up to twenty years. But it was precisely then that the problem of inaccuracy prevailed. TypingDNA has now enabled the technology to achieve a 99% accuracy rate.
The keyboard input as authentication is difficult to imitate
Passwords have to be guessed, fingerprints secured, faces have to be reproduced in a complex way. Breaking the characteristic of an authentication involves quite different efforts. As soon as it moves away from the password – towards biometrics – security often depends on the quality of the scanner.
Imitating the keystrokes of the target does not pose an insurmountable hurdle for attackers – but the effort to acquire a different typing behavior falls into the category of advanced attacks. From an attacker’s point of view, it would probably be possible to work with recorded typing patterns or unencrypted signals, which can be intercepted in plain text. It is quite conceivable that Session Replay could form a database for this.
Use multiple factors for authentication – never just the password!
Knowledge, possession or characteristic – the basic possibilities to map an authentication feature. In the best case, the authentication process involves more than one point. The so-called multi-factor authentication is the optimal protection of the account.
This post is also available in: Deutsch (German)