[raresp]

Interesting news. But I see a lot of negative comments regarding the biometrics.

Here's my two cents.

I'm the founder of a biometric users identity check solution, called Typing AI Biometrics ( https://typing.ai ). We identify users by the way they type. Typing biometrics can be used as a two factor (2FA) or multi factor (MFA) authentication method.

Instead of combining the usual username + password with an OTP code that you recive on your smartphone or email, you can combine the basic username + password with a typing pattern check, it's much more secure and efficient. The typing signature translated into a 300+ encrypted characters hash, which is (up until now) impossible to break.

You can even remove the username + password and combine the typing biometrics check (known as keystroke dynamics) with an OTP verification. Biometrics are the future of authentication and authorization, because they are unique to each person, but only with the promise of not keeping and sharing the users data.

You can AMA on this Show HN thread: https://news.ycombinator.com/item?id=30130447

[gigaflop]

So then, I need to type the same password the same way every time?

If I set up an account while I'm still waking up, and then try to use it after lunch and coffee, wouldn't I get locked out due to inputting faster than expected?

Or what if I'm on the phone with someone, and trying to type with one hand? That would probably lock me out, right?

[raresp]

Our algorithm learns from previous detections. You will be able to enter different texts. Like writing your email or anything you want.

In the case of having an accident, you will be able to login into Typing AI and update your signature.

"Or what if I'm on the phone with someone, and trying to type with one hand? That would probably lock me out, right? " - good question. Your "one-hand" typing is totally different than writing with two hands but we also got this covered. The authenticity detection rate won't be over 90%, but it will still be over 80%.

[gigaflop]

So then, I need to pre-auth my typing styles depending on how I expect to type?

It isn't much of a stretch for me to think of 4 scenarios: 1. Laptop keyboard, 2 hands 2. Laptop, 1 hand 3. External keyboard (let's pretend I'm using only one out of my collection) 4. External with one hand

[jfk13]

How about when I break my wrist and it's in plaster for a couple of weeks? Seems unlikely that I'll maintain my characteristic typing pattern well enough to be recognised...

[raresp]

"How about when I break my wrist and it's in plaster for a couple of weeks?" - good question.

Your "one-hand" typing is totally different than writing with two hands but we also got this covered. The authenticity detection rate won't be over 90%, but it will still be over 80%.

In case of using the Typing AI as a two factor auth method, you can just skip to using a different factor, such as fingerprint/face recognition or OTP.

[LanternLight83]

Or switching to an ergo keyboard, trying a new typing layout, or just joining your first touch typing course?

[raresp]

"trying a new typing layout, or just joining your first touch typing course?"

You have just described the case where your typing pattern is changed. In this case you'll have to just login to your account and update the signature or remove it and create a new one.

[chayesfss]

typing biometric software has been around for a long time (biorhythm) and from what I remember from years ago had issues with users typing in from different devices all the time, laptop to ext keyboard, iphone to ipad with keyboard, kiosk, etc... I don't think it would be more secure or as you put it "much more secure" than say, user/pass and a push notification as the push notification is out of band. These used to be called 1.5 factor as it wasn't quite 2 factor.

[raresp]

I understand your opinion, and yes, it's hard to be able to identify the owner of an accountby checking smartphones, tablets and desktop keyboards. The recommendation is to create separate signatures for all of these devices, in this way the typing signature will be more stronger and the keystrokes verification will be more accurate.

We are adding new cases to our algorithm almost weekly, the typing detection keeps getting better.