Keyboard input as authentication – idea takes on reliable form!

Keyboard input as authentication – idea takes on reliable form!

It is a great idea if the keyboard input can be used as authentication. It is convenient, inconspicuous and at best calibrated so that only the rightful person has access.

But this project is by no means as simple as it sounds at first glance. TypingDNA, an approximately four-year-old startup, is taking on exactly that. Only recently, the company moved its headquarters to Brooklyn, New York. Now, a financial support of about 7 million USD will benefit the young company.

It’s about an AI controlled technology that recognizes people by their typing behavior

In the end it’s all about keyboard input. This activity is, even if it doesn’t look like it at first glance, a rather individual matter. If everyone had the same way of typing, it would be a very bad feature for authentication.

However, the idea of using people’s typing behavior for authentication is not new. The first approaches go back up to twenty years. But it was precisely then that the problem of inaccuracy prevailed. TypingDNA has now enabled the technology to achieve a 99% accuracy rate.

The keyboard input as authentication is difficult to imitate

Passwords have to be guessed, fingerprints secured, faces have to be reproduced in a complex way. Breaking the characteristic of an authentication involves quite different efforts. As soon as it moves away from the password – towards biometrics – security often depends on the quality of the scanner.

Imitating the keystrokes of the target does not pose an insurmountable hurdle for attackers – but the effort to acquire a different typing behavior falls into the category of advanced attacks. From an attacker’s point of view, it would probably be possible to work with recorded typing patterns or unencrypted signals, which can be intercepted in plain text. It is quite conceivable that Session Replay could form a database for this.


Use multiple factors for authentication – never just the password!

Knowledge, possession or characteristic – the basic possibilities to map an authentication feature. In the best case, the authentication process involves more than one point. The so-called multi-factor authentication is the optimal protection of the account.

You are currently viewing a placeholder content from Default. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

More Information

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.