Keystroke ID (keystroke identification) is a biometric authentication method based on the unique typing dynamics of individuals.
Keystroke dynamics are the patterns of rhythm and timing created when a person types. Elements include:
- Overall speed.
- Dwell time (the length of time a key is pressed).
- Flight time (the length of time between the depression of one key and the next one).
- Variations in flight time among particular key combinations.
- Common errors.
Data captured during authentication is compared to a stored sample for the user. Some systems also monitor the dynamics throughout a session or sample it periodically to ensure that the same user is still involved and the session has not been hijacked.
The patterns of people's keystroke dynamics are known as their typeprints; they are as distinctive as the patterns of ridges and branches on their fingertips that yield fingerprints and the vocal characteristics that yield voiceprints.
Benefits of keystroke ID:
- Because it's software-based, deployment is simple and inexpensive.
- User keystroke dynamics can't be lost, stolen or forgotten.
- The dynamics cannot be copied or faked.
- Both false positives and false negatives tend to be low.
Keystroke identification goes back to the days of the telegraph, when operators were known by their distinctive patterns (known as the telegraph operator's "fist"). During the second World War, a methodology known as the "fist of the sender" helped to identify the source of Morse code to confirm that a particular message was, in fact, from the legitimate sender.
Keystroke ID is sometimes used as one method of multifactor authentication (MFA).