Keystroke-Based Authentication by Key Press Intervals as a Complementary Behavioral Biometric

Analysis of keystroke dynamics can be useful in protecting personal data because an individual is authenticated not only by password, but also by that individual's keystroke patterns. In this way, intrusion becomes more difficult because the username/password pair, as well as the typing speed and correct keystroke pattern must both be duplicated. The purpose of this paper is to present a keystroke analysis tool that can be incorporated into distributed systems and web-based services. This study also assesses the potential of keystroke analysis as a complementary authentication mechanism. Eleven individuals entered a password into specially developed keystroke analysis software twenty times over a course of four sessions. The data were statistically analyzed to determine keystroke patterns. Tests were performed to verify whether the users could be properly authenticated. Results show that authentication with mean key press timings resulted in very good false acceptance rates, while allowing access to appropriate users.