The way you type is just about as distinctive as a fingerprint or retina pattern, and the simple act of typing might soon become more common as a way to authenticate your identity.
The main application for “typing biometrics” is as a form of two-factor authentication (2FA). Also known as multi-factor authentication, 2FA adds a layer of security to account login processes by requiring other credentials than just a single password.
[Keep up with the latest news in privacy and security. Sign up for the ExpressVPN blog newsletter.]
While there’s a whole suite of 2FA options out there, some methods—such as the commonly used passcode sent to your phone—are far less secure than others. Then there are traditional biometrics, like fingerprints and voice scans, which are regarded as accurate but also invasive, raising questions such as What happens if your biometric data is compromised?
What are typing biometrics?
Typing biometrics, or keystroke dynamics, is an AI-based technology that analyzes and stores a user’s typing patterns, which include factors such as typing speed, the duration of a single keypress, and how long it takes between releasing a key to pressing the next.
This technology is not quite new; in fact, typing biometrics was developed almost 20 years ago—albeit with varying results. In recent years however, companies such as TypingDNA claim to have perfected it, boasting a 99-99.9% accuracy rate.
For users, this means a more convenient and seamless identity verification experience that keeps you protected without having to scramble for your mobile device or reaching for a hardware key when signing in. In terms of security, it’s also a far better option than SMS authentication—which is vulnerable to attacks such as SIM swapping.
Should you switch to typing biometrics?
The main benefit of typing biometrics is convenience. If it is indeed 99% accurate, then it’s also a win on the security front. But there are a few factors that make this authentication method less reliable than other biometrics, namely that people’s typing patterns can change over time, or an individual might become unable to type due to injury.
That said, the downsides are few. If typing biometrics does go mainstream, the method is likely to be as good as existing ones.
Would you use typing biometrics for 2FA? Let us know in the comments.
Comments
Couldn’t this method be susceptible to hacking by a keylogger?
The way of login and identity is not a user based decentralized identity. Means the Provider of the biometric log in can build a map tracing. Wherever you login your Spur is online traceable. Because you can’t be on two sides the same time. For example you using vpn to log in from different locations with different emails. Biometric will fast recognize this and stop serving you. A good example happens with Facebook. They lock your account if they can’t manage a fix area where you live regularly. 2 factor is needed for page access and more. The combination with Whatsapp is having a detail knowledge about you and gps data from your mobile which you can’t switch with a vpn… think about how much privacy is gone and will be gone soon.
Next time you look in your biometric scanner
Typing biometrics has also been tested as a diagnostic test for neurological disorders. Subtle shifts in typing patterns may indicate problems like mini-strokes or onset of Parkinson’s disease.
What if you have a poor eyesight, area is dimly lit, key board is small?.
I wouldn’t use typing or other biometrics. I use a password generator/storage to create and store secure passwords, in conjunction with an authenticator as the 2FA method. It is a bit less convenient but I feel safer.
No, I dont agree with another method of Fingerprinting and would never voluntarily help it learn more about me. Thats like using Googles option to learn your Personalized Typing for better suggestions(they claim).
I would use typing biometrics as a 2-factor ID –IF– it were part of a suite of options. For example, I’d like the biometric as my primary, but if I my hands were injured in a way as to alter my “typing DNA,” I’d like also to have SMS code, secret question (with questions that I design, not the standard “who’s your mommy” stuff). Overall, there should be multiple factors available to assist when a phone get stolen, a hand gets injured, etc.
This was a very useful article. I had never heard of keyboard typing as a biometric!