The reliability of user authentication through keystroke dynamics

When typing on a keyboard a user can be authenticated through what he/she types (username, password), but also through how he/she types, that is, through keystroke dynamics. We study whether authentication through keystroke dynamics is sufficiently reliable as a security instrument to be used together with the more standard instruments. Based on a data set of 1254 participants who typed the same username and password, 20 times each, we develop a test statistic and obtain the power of our test. We conclude that keystroke dynamics can be a reliable security instrument for authentication, if used together with other instruments. It seems more suitable for authentication (verification) than for identification. Dwell times (how long a key is held pressed) are more discriminatory and therefore more powerful than flight times (time between consecutive press times).