Identity theft is a growing problem and fight against it is very important. One possible idea and question is: Can the speed at which user types be used to determine whether he/she is allowed to view bank account details or use other online services?
This is mechanism that, if proves as correct with acceptable accuracy, can help in antiphising battle as additional authentication layer as it is unlikely that an attacker will be able to properly repeat typing style and timings of original user.
My graduate student did some work in this area and developed application which hasn’t been proven as highly reliable, but was able to perform additional level of authentication coupled with other methods. It helped to increase level of protection for password based systems.
BioPassword is new security company and software based on the idea of keystroke recognition. According this company, they already have solutions for banking and finance, eCommerce, healthcare, digital rights etc. They also got awards for this.
There are open issues with this method still: What about if you’re trained as typist? Also, do you type the same way as others who learned the same way? Can we assume that the same user will type same every time? His mood, circumstances in which he types and other conditions that are not under control, can affect this lot. Also, the system would need to be recalibrated every time you changed your password. With a fingerprint, for example, that only happens once.
If you ask me, I wouldn’t want to automatically block users. From experiments my graduate student have done with this method up to now, the false-positive/false-negative ratio would have to be jiggered properly and also it is not method that we can use with high confidence still. But if they (BioPassword company) can get it working right, it’s an extra layer of authentication.