Behavioral Biometrics: Keystroke dynamics

Keystroke Dynamics The way in which a user types on a keyboard or a touchscreen keypad provides a unique and identifiable behavioral biometric trait. Daon’s IdentityX platform incorporates a keystroke dynamics algorithm that analyzes the unique patterns and rhythm of each person’s typing habits. While an attacker may know the content to be typed, they will not be able to reproduce the correct keystroke rhythm.

How do keystroke dynamics work?

Similar to voice biometrics, the user can either be asked to type the same phrase for each authentication (text-dependent) or to type new content each time (text-independent). Best results will be achieved when the user is asked to type the same phrase - such as an email address or a username - using the same keyboard; typing rhythm is affected by the size and layout of a keyboard or smartphone.

While keystroke authentication is less accurate than physiological biometric traits (e.g. finger, face or eye), it does support risk-based, adaptive authentication and continuous authentication. With minimum user interaction, keystroke dynamics can be used to assess whether further authentication is required, which in turn can reduce the number of times a customer is explicitly asked to authenticate.

Keystroke dynamics can also be strengthened with additional user-specific information such as the way a user holds and moves their smartphone while typing or swiping, or the way they move their mouse when using a PC or laptop.

On a smartphone, information from the gyroscope, accelerometer and touchscreen pressure sensors is used in conjunction with keystroke dynamics to increase accuracy. Monitoring smartphone sensors and typing can be used as part of a continuous authentication process that builds up confidence over time that the correct user is present.

Find out more about how Daon’s IdentityX platform allows organizations to authenticate customers using keystroke dynamics, alongside other biometric options.