Keyboard input as authentication - idea takes on reliable form!
It is a great idea if the keyboard input can be used as authentication. It is convenient, inconspicuous and at best calibrated so that only the rightful person...
Chris Wojzechowski Geschäftsführender Gesellschafter TL;DR
TypingDNA, a startup backed by $7 million in funding, uses AI to authenticate users by analyzing their unique typing patterns with 99% accuracy. Keystroke dynamics as an authentication factor dates back 20 years but previously lacked sufficient accuracy. Unlike passwords or fingerprints, typing behavior is difficult to imitate and provides continuous passive authentication. However, it remains vulnerable to recorded keystroke replay attacks, making it best used as one factor in a multi-factor authentication setup.
Table of Contents (3 sections)
It is a great idea if the keyboard input can be used as authentication. It is convenient, inconspicuous and at best calibrated so that only the rightful person has access. But this project is by no means as simple as it sounds at first glance. TypingDNA, an approximately four-year-old startup, is taking on exactly that. Only recently, the company moved its headquarters to Brooklyn, New York. Now, a financial support of about 7 million USD will benefit the young company.
It’s about an AI controlled technology that recognizes people by their typing behavior
In the end it’s all about keyboard input. This activity is, even if it doesn’t look like it at first glance, a rather individual matter. If everyone had the same way of typing, it would be a very bad feature for authentication. However, the idea of using people’s typing behavior for authentication is not new. The first approaches go back up to twenty years. But it was precisely then that the problem of inaccuracy prevailed. TypingDNA has now enabled the technology to achieve a 99% accuracy rate.
The keyboard input as authentication is difficult to imitate
Passwords have to be guessed, fingerprints secured, faces have to be reproduced in a complex way. Breaking the characteristic of an authentication involves quite different efforts. As soon as it moves away from the password - towards biometrics - security often depends on the quality of the scanner. Imitating the keystrokes of the target does not pose an insurmountable hurdle for attackers - but the effort to acquire a different typing behavior falls into the category of advanced attacks. From an attacker’s point of view, it would probably be possible to work with recorded typing patterns or unencrypted signals, which can be intercepted in plain text. It is quite conceivable that Session Replay could form a database for this. https://www.youtube.com/watch?v=UvbqV0Y9sno
Use multiple factors for authentication - never just the password!
Knowledge, possession or characteristic - the basic possibilities to map an authentication feature. In the best case, the authentication process involves more than one point. The so-called multi-factor authentication is the optimal protection of the account. https://www.youtube.com/watch?v=jH9eSN6zlvs
Monthly Threat Report
Chris Wojzechowski bewertet einmal im Monat die aktuelle Bedrohungslage aus Sicht eines Informationssicherheitsexperten. Sein 30-köpfiges Team ist näher an realen Cyberbedrohungen dran als kaum jemand sonst — mit konkreten Handlungsempfehlungen, die Sie am nächsten Morgen umsetzen können.
Bestseller-Autor (Wiley-VCH) · M.Sc. Internet-Sicherheit · Bekannt aus Handelsblatt & WamS
Zuletzt behandelt
1x im Monat · Kein Spam · Jederzeit abbestellbar · Datenschutz
Next Step
Our certified security experts will advise you on the topics covered in this article — free and without obligation.
Free · 30 minutes · No obligation
