Chapter Eleven. Identifying Users from Their Typing Patterns

Alen Peacock, Xian Ke, and Matt Wilkerson

AS DEFICIENCIES OF TRADITIONAL PASSWORD-BASED ACCESS SYSTEMS BECOME MORE ACUTE, researchers have turned their focus to keystroke biometrics , an approach that seeks to identify individuals by their typing characteristics. Since 1980, a number of techniques have been proposed for accurately harnessing a user’s unique typing pattern for system authentication and other novel uses. But do these systems deliver on their promise to increase system security and simultaneously ease the burden of logging into systems and remembering passwords? And do databases of users’ keystroke profiles present additional privacy concerns?

Typing Pattern Biometrics

Many current computer systems ask users to enter a username and password pair before granting access. This method of authentication relies on the password’s secrecy and, in some cases, the username’s secrecy. If secrecy is not compromised, the system asserts that these tokens uniquely identify a valid user.

The problems associated with maintaining the secrecy of passwords are well understood.[1] Passwords that consist of common words, common phrases, or terms associated with a particular user are generally considered to be weak because of the relative ease with which such passwords can be guessed by a third party or found through dictionary attacks. But because users find obscure passwords hard to remember, usability suffers. Not only must users ...

Get Security and Usability now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.