Browse Definitions :
Definition

keystroke ID (keystroke identification)

Contributor(s): Ivy Wigmore

Keystroke ID (keystroke identification) is a biometric authentication method based on the unique typing dynamics of individuals.

Keystroke dynamics are the patterns of rhythm and timing created when a person types. Elements include:

  • Overall speed.
  • Dwell time (the length of time a key is pressed).  
  • Flight time (the length of time between the depression of one key and the next one).
  • Variations in flight time among particular key combinations.
  • Common errors.

Data captured during authentication is compared to a stored sample for the user. Some systems also monitor the dynamics throughout a session or sample it periodically to ensure that the same user is still involved and the session has not been hijacked. 

The patterns of people's keystroke dynamics are known as their typeprints; they are as distinctive as the patterns of ridges and branches on their fingertips that yield fingerprints and the vocal characteristics that yield voiceprints.

Benefits of keystroke ID:

  • Because it's software-based, deployment is simple and inexpensive.
  • User keystroke dynamics can't be lost, stolen or forgotten.
  • The dynamics cannot be copied or faked. 
  • Both false positives and false negatives tend to be low.

Keystroke identification goes back to the days of the telegraph, when  operators were known by their distinctive patterns (known as the telegraph operator's "fist"). During the second World War, a methodology known as the "fist of the sender" helped to identify the source of Morse code to confirm that a particular message was, in fact, from the legitimate sender.

Keystroke ID is sometimes used as one method of multifactor authentication (MFA).

This was last updated in February 2015

Continue Reading About keystroke ID (keystroke identification)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close