Keystroke Dynamics Authentication
The below model verifies passwords based on keystroke dynamics. Please feel free to try it out
The aim of this project is to produce be able to authenticate users via only keystroke dynamics. This can be used in a variety of applications; for example, it can smoothen user experience by allowing some typos in password entry or can significantly improve security by requiring both password and keystroke dynamic authentication.
In the web version displayed above, among us other adjustments, we are only able to use the time between key presses as an input. However, in the full version, which runs directly on the authentication machine, we can also include the time the key is held down (on most machines), which greatly increases accuracy of the model. We also include people using the DVORAK keyboard in the dataset. We found it best to pretrain the model on the Carnegie Mellon dataset. We clearly see improvements from deeper networks, but required user inputs to train the model to their password input also increased (it's a little ridiculous to ask users to type their password 100 times or to ask them to enter a paragraph for every login). Thus, we came upon a solution that balances the success rate while ensuring the need for little input.
One of the largest problems faced is user login on a new computer. This is usually associated with a change in keyboard and thus a change in the keystroke dynamics. We see this change even if a user uses the same model keyboard on a different computer. This seems to be a systemic problem to keyboard dynamic authentication due to the change in distribution of input data, although we see some success with some changes to the model and a lower bar for authentication (not included in the web version).