I am a big advocate of two-factor authentication, but there are some problems. One of the three types of authentication is biometrics, which is “something you are.” NIST, in SP 800-63B states that the problem with biometrics are that they are neither a secret, nor are they replaceable in case of a breach. For example, you leave fingerprints everywhere, and you can’t run to the Thumbs’R’Us to get a new thumb if your enrolled thumbprint is spoofed.
Typing cadence, or how you type, is something that has been shown to be unique from user to user, and has been used as one of the newer biometric factors used in authentication. In the days of the telegraph and Morse code, a telegrapher’s “hand” or key cadence was seen to be unique, and a way to know that the sender was truly the person that was authorized to send the message. This concept was demonstrated in the beginning of the Bond movie “Dr.No.” So this concept has been around a while.
This Chrome extension already works with several on-line service providers, including Google and Gmail, of course, and Facebook, Dropbox, Evernote, Reddit, Microsoft Azure, and Amazon AWS.
There is the obvious problem with false negatives, where a legitimate user is unrecognized and asked to re-type credentials, but TypingDNA claims to have reduced this to 0.1% after the initial training period.
There are concerns that typing cadence systems could eventually be used to identify people using anonymizer and privacy services such as TOR or a VPN. But there is already a typing pattern randomizer extension for Chrome that would counteract this issue. (Surprise!)
In any event, typing cadence is another arrow in your authentication quivver. For those of you who are looking past two-factor authentication to multi-factor authentication, this could be one of the answers.