What is continuous authentication?
Continuous authentication relies on analyzing multiple data points linked to a unique user. This data can include browser activity, mouse characteristics, mobile sensors, and even behavioral biometrics. The data points are continuously monitored to identify changes in behavior, confirming or blocking a user’s access to corporate assets or programs.
Any changes identified by these sophisticated data analysis programs are flagged. Users’ identities must usually be reconfirmed using fallback authentication methods such as knowledge factors (e.g. passwords) or possession factors (e.g. SMS OTP). These measures ensure that only authorized users gain access to critical information or sensitive assets.
What is continuous authentication with typing biometrics?
Continuous authentication with typing biometrics analyzes the behavioral component of users typing on their keyboards by constantly (i.e. continuously) matching their typing patterns with previously enrolled patterns to verify that user’s identity. Users must first enroll their typing patterns and, with the deployment of artificial intelligence analyses, the dwell and press time between keys are constantly measured and verified.
If an abnormal typing behavior is detected, the user is locked out and must reconfirm their identity by using a secondary authentication method.
Continuous authentication based on typing biometrics analysis usually works in various scenarios. The most known are continuous authentication with typing biometrics on devices or endpoints. This measure ensures that the identity of endpoint users is continuously verified, and intruders are locked out whenever accessing the device. The typing biometrics-based authentication refers to any typing behavior performed on the device.
Another continuous authentication solution based on typing biometrics is related to the web-based application in which continuous checks are done only in a particular web app or program. This means that users’ identity is validated when using only such programs, and the protection is granted only inside such applications. Still, this type of authentication cannot be confused with context-aware authentication, which analyzes IP address, device type, operating systems, and other parameters, such as GPS, battery usage, network usage, web browsing behaviors, and online activities to authenticate a user continuously.
Evolution of continuous authentication
Continuous authentication has been a fascinating area of authentication due to the unobtrusive experience for the end-user, along with the fact that it provides strong security that’s ongoing once after the user logs in. Still, only the past decade’s advancements have enabled continuous authentication methods to achieve the accuracy rates we have today. Furthermore, due to increased computational power in recent years, typing biometrics-based authentication has been made possible in consumer-facing products.
In an IBM technical bulletin, typing biometrics, also known as keystroke dynamics, was first conceptualized in 1975. The author, Spillane, suggested that typing behavior might identify a user at the computer keyboard. Still, it was only in the early eighties that the technology was first proven to work.
A decade later, in 1995, Springer published the report Information Security — the Next Decade, including the paper Reinforcing password authentication with typing biometrics by W.G. de Ru, J.H.P. Eloff. In the paper, even at the dawn of typing biometrics, the authors recognized its capability to enhance security when coupled with passwords in the authentication process. Furthermore, making use of fuzzy logic sets, verifying collected typing indexes or patterns is shown to be possible with positive outcomes.
In the early 2000s, pilot studies tested, in laboratory environments, various data to understand continuous authentication resulting from the analysis of multiple data sets.
As shown in Continuous identity authentication using multimodal physiological sensors, laboratory results achieved 80% success rates in continuous authentication studying various sets of multimodal data like passive physiological sensors such as measuring temperature, GSR, eye movement, blood flow, and click pressure of thirteen subjects performing a computer task.
One of the common shortcomings of continuous authentication with typing biometrics has been, until recently, the enrollment process. Even with promising accuracy results and high authentication speed, users had to type lengthy text samples when enrolling their typing patterns to allow machines to create a typing index. This caused a burdensome user experience and was not a go-to method for consumer products or even corporate environments with hundreds or thousands of employees.
With smartphone adoption globally, continuous authentication relying on mobile devices sensors has seen the fastest improvement. Still, such sensors are not transferable to desktop environments. Users only have their keyboards and are sometimes limited to a particular software program where the browser characteristics and data are not available for authentication purposes.
A new era of continuous authentication emerges with ActiveLock by TypingDNA
After years of research and analysis of a million data points, TypingDNAs data scientists have developed a new technology that can continuously authenticate users based on how they type on their keyboards.
The continuous authentication solution, ActiveLock by TypingDNA, relies on analyzing the typing behavior of users. This enables a powerful and secure authentication method coupled with other data points such as pauses between phrases, and other sensors to understand the user behavior. This translates into a revolutionary product that can be used straightforwardly with minimal effort in the enrollment process.
Privacy by design is the conceptual umbrella of all TypingDNA products ensuring that algorithms only analyze how users type, not what they type.
ActiveLock results from extensive research and development of TypingDNAs proprietary same text algorithms — able to provide unprecedented typing pattern accuracy matching, while also being language agnostic. The matching algorithms response is also a speedy one, even though it requires low GPU resources.
The security elements encapsulated in ActiveLock make the technology highly secure. Compared to other biometrics like a fingerprint that can be hacked by accessing master keys, typing biometrics relies on particular individual typing patterns that are very hard to emulate. The typing patterns are first enrolled and then repeatedly confronted to match a user’s typing style. Even in an absurd situation of access to these typing patterns, authentication would not be possible without the AI-based matching technology.
Another breakthrough of this technology relies on transparency — enabling future clients to look into the typing pattern recorders and code and understand the technological advancements and features.
The need for continuous authentication
🙈 Remote workforce authentication security is more vulnerable than ever
A remote workforce requires enhanced security. During the pandemic, more and more employees were forced to work from home. In turn, security has now become the backbone of corporate success. For instance, Google reported 18 million phishing and malware scams related to COVID-19 take place every single day.
Since the beginning of the pandemic, cyberattacks have spiked — particularly in the banking and financial sectors. For example, a ransomware attack forced the world’s third-largest fintech provider to put servers offline and investigate a cybercrime that allegedly made millions of dollars in wire transfers vanish. The ransomware action was deliberately orchestrated while the corporation migrated thousands of employees to a work-from-home setup.
⚠ Attack vectors in a remote workforce scenario
Employee endpoint devices may be vulnerable as some employees share their work devices with other household members. In addition, IT departments can no longer physically maintain the laptops, desktops, and other devices that remote workers use, further complicating the matter.
Data leaks or interceptions often occur on unprotected networks. This risk is augmented by remote employees using unsecured or vulnerable WiFi networks — e.g. home WiFi networks with weak passwords. To illustrate, the Mirai botnet, one famous attack, infected millions of vulnerable home network devices then used them to launch a massive DDoS attack.
Insider threats originating from within the organization involve a current or former employee or associate who has access to sensitive information or privileged accounts within an internal network and misuses that access. Some examples of insider threats include malicious insiders, careless insiders, and privileged account takeover — all of which can compromise a company’s network.
💻 Employees use compromised passwords for their work account
Even if not remote, letting employees choose their desired passwords to log into their work-related accounts might not be the best idea. A report found that 80% of hacking-related breaches leveraged weak and compromised passwords. Another worrying statistic was revealed in Google’s New Research: Lessons from Password Checkup in action: 316,000 users were utilizing already compromised passwords.
Survey Monkey showed in a study that 34% of respondents share passwords or accounts with their coworkers. Primarily, this is due to their desire to improve collaboration. According to the data, one out of every three American workers may be sharing passwords — leaving organizations unable to determine who can access company assets.
In 2012 one employee had used their LinkedIn password (that suffered a breach earlier in the year) for their corporate Dropbox account. This led to the theft of 60 million user credentials. Unfortunately, using compromised passwords to log into sensitive work accounts is not easy to stop. Creating blacklists to avoid the usage of already leaked passwords might be an alternative, but it costs IT departments costly hours to constantly scan the web for compromised credentials.
There must be an alternative to compromised passwords, man-in-the-middle attacks, as well as other security breaches.
Continuous authentication uses cases and industries
Compliance with various security standards
Industries such as governmental or highly regulated work environments with specialized workforces must ensure only authorized employees can gain access and perform tasks. Below we highlight some additional use cases where continuous authentication can solve identity proof in a secure medium.
BPO and consultancy companies
Outsourcing of various organizational functions and departments has seen a surge since the 90s, with global corporations expanding their operations in countries where the workforce is less expensive. BPO companies now specialize in various functions such as HR, financial, or even development. All the departments handle sensitive information, ranging from personal information to financial or IP-protected secrets. Therefore, ensuring the rightful employee has access to this sensitive data is crucial.
By deploying continuous authentication in the BPO sector, companies can ensure high compliance and security standards with continuous identity verification of employees, contractors, or partners.
National defense and governmental institutions
Working with highly secretive information systems and environments in which a leak would jeopardize the security of millions of nations relies on trust and high-security measures. Handling protected or classified information and granting access only to authorized personnel makes the use of continuous authentication a go-to method. Coupled with additional security measures such as AES 256-bit encrypted communication protocols and risk-based authentication, continuous authentication ensures the rightful employee is still logged in. Furthermore, if continuous authentication is added after the highly secured login process, it adds an even greater layer of security by continuously checking that the logged-in user is the one operating under granted access. In this way, even if the login is compromised, access to crucial information is denied by applying a second, continuous layer of secured authentication.
Malicious programs bypassing endpoint security
Although antimalware software is now very advanced in detecting 0day attacks and vulnerabilities, intruder detection is still bypassed with various attack types, often relying on the user’s lack of knowledge. It’s actually the seemingly easy-to-perform attacks like phishing, social engineering, or brute force attacks that can grant access to malicious intruders.
By enabling continuous authentication, antimalware programs can guarantee that even with the proper credential pairing, hackers will not be able to access sensitive information or initialize payments on behalf of the rightful user.
Check out the ActiveLock by TypingDNA product page to find out more about continuous authentication with typing biometrics.