Most characteristics that identify us are obvious: our physical appearance, a fingerprint, or even an assigned number. But there are certain telltale signs that may not be so apparent — such as how you type on a keyboard.
Leon Eckert, a researcher at the Interactive Telecommunications Program at New York University, created a system that measures and identifies both the speed and rhythm of a user’s keystrokes. By measuring so-called “keystroke biometrics,” the data can be used to identify a person, the same way an individual’s handwriting can give them away.
In a demonstration to Vocative, Eckert’s software recognized a user’s typing style within just a few seconds of them tapping away on a keyboard. User profiles are generated based on statistics about typing patterns, including duration between key presses and delay between one specific key and another.
Even in its early state, the tool is said to have about 85 percent accuracy for those who have participated in the study.
The researcher even went a step further and began predicting a user’s emotions and their current mental state based on their typing habits. Eckert has been collecting data with a key tracking program that users willingly install, in addition to self-reporting their emotions.
The concept is not new: In World War II, when crucial information was transmitted by Morse Code, the military developed a method dubbed “The Fist of the Sender,” which helped to sort out which messages from allies, and which may be attempts at sabotage by the enemy.
Keystroke biometrics can be as basic as how many words per minute a user types, but in Eckert’s case, the data is far more complex, which could help narrow down an individual from a significantly sized data pool.
Such data is already being used in limited forms by various security companies. For example, TypingDNA uses keystroke dynamics verifications to protect products in a number of markets, including Software as a Service, web apps, eLearning, ePayments and more.
Such technology can be used to provide continuous authentication — a form of unobtrusive biometrics that could greatly enhance security.
Of course, as Eckert’s research demonstrates, such technology could also have potentially uncomfortable uses as well, particularly if keylogging software were unknowingly installed on a system, or if a web app remotely collected such information from text entry.
By identifying you and reading your mood, perhaps that buggy cloud-shared spreadsheet will one day know just how frustrated with it you actually are.