Something You Are: Typing Cadence

What would it be like if you could identify yourself and authenticate your account by the way you type?  A Romanian company, TypingDNA, has created a Chrome extension that does just that.

I am a big advocate of two-factor authentication, but there are some problems.  One of the three types of authentication is biometrics, which is “something you are.”  NIST, in SP 800-63B, states that the problems with biometrics are that they are neither a secret nor replaceable in case of a breach.  For example, you leave fingerprints everywhere, and you can’t run to the Thumbs’R’Us to get a new thumb if your enrolled thumbprint is spoofed.

Typing cadence, or how you type, has been shown to be unique from user to user, and is one of the newer biometric factors used in authentication.  In the days of the telegraph and Morse code, a telegrapher’s “hand,” or key cadence, was seen to be unique, and a way to know that the sender was truly the person authorized to send the message.  This concept was demonstrated in the beginning of the Bond movie “Dr. No.”  So this concept has been around a while.

This Chrome extension already works with several on-line service providers, including Google and Gmail, of course, and Facebook, Dropbox, Evernote, Reddit, Microsoft Azure, and Amazon AWS.

There is the obvious problem with false negatives, where a legitimate user is unrecognized and asked to re-type credentials, but TypingDNA claims to have reduced this to 0.1% after the initial training period.
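To make the false-negative trade-off concrete, here is an added example (not from the original post, and not TypingDNA's algorithm) of a simple cadence matcher that compares key dwell and flight times against an enrolled profile using a scaled Manhattan distance. The function names, sample timings and thresholds are all constructed for illustration.

```javascript
// Added illustration; not TypingDNA's algorithm. Names, timings, thresholds are constructed.
// A key event is { key, down, up } with timestamps in milliseconds.
function features(events) {
  const f = [];
  events.forEach((e, i) => {
    f.push(e.up - e.down);                         // dwell: how long the key is held
    if (i > 0) f.push(e.down - events[i - 1].up);  // flight: gap since previous key release
  });
  return f;
}

// Enrollment: per-feature mean and mean absolute deviation over the training samples.
function enroll(samples) {
  const vecs = samples.map(features);
  const mean = vecs[0].map((_, j) => vecs.reduce((s, v) => s + v[j], 0) / vecs.length);
  const mad = mean.map((m, j) =>  // floor of 1 ms avoids dividing by zero
    Math.max(1, vecs.reduce((s, v) => s + Math.abs(v[j] - m), 0) / vecs.length));
  return { mean, mad };
}

// Scaled Manhattan distance averaged over features; lower is closer to the enrolled cadence.
function score(profile, events) {
  const f = features(events);
  if (f.length !== profile.mean.length) return Infinity;  // different text, not comparable
  return f.reduce((s, x, j) => s + Math.abs(x - profile.mean[j]) / profile.mad[j], 0) / f.length;
}

const verify = (profile, events, threshold) => score(profile, events) <= threshold;

// Build a constructed sample from [dwell, flight] pairs, one pair per character.
function makeSample(word, timings) {
  let t = 0;
  return [...word].map((key, i) => {
    const down = t + timings[i][1];
    t = down + timings[i][0];
    return { key, down, up: t };
  });
}

const profile = enroll([
  makeSample("pass", [[95, 0], [80, 120], [70, 60], [75, 65]]),
  makeSample("pass", [[100, 0], [85, 130], [72, 55], [78, 70]]),
  makeSample("pass", [[90, 0], [78, 125], [68, 62], [74, 60]]),
]);
const owner = makeSample("pass", [[97, 0], [82, 118], [71, 58], [77, 66]]);
const ownerTired = makeSample("pass", [[105, 0], [90, 140], [76, 70], [82, 75]]);
const stranger = makeSample("pass", [[60, 0], [60, 40], [60, 40], [60, 40]]);
for (const [name, s] of Object.entries({ owner, ownerTired, stranger }))
  console.log(name, score(profile, s).toFixed(2), verify(profile, s, 3) ? "accept" : "reject");
```

With a threshold of 3 the slower-typing owner is rejected, which is the false negative described above; raising the threshold to 5 accepts that sample while still rejecting the stranger, at the cost of a looser match.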

There are concerns that typing cadence systems could eventually be used to identify people using anonymizer and privacy services such as Tor or a VPN.  But there is already a typing pattern randomizer extension for Chrome that would counteract this issue. (Surprise!)

In any event, typing cadence is another arrow in your authentication quiver.  For those of you who are looking past two-factor authentication to multi-factor authentication, this could be one of the answers.

More information


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
