Behavior-based typing analysis may strengthen passwords

Before the computer age, spies sent some reports by Morse code.  Each had his or her own way of sending dots and dashes, which was called their “fist.” Intelligence officers worried if an agent had been caught and replaced by an enemy would record transmissions and analyze the “fist” to figure out if the message was trustworthy.

A Swedish startup called BehavioSec is doing something similar with an app being tested by Nordic banks for secure logins over mobile devices. It tracks their pressure and speed when typing  a PIN code to determine if the sender is the person who is associated with an account.

According to a report on, the company says that by the end of the year every Internet bank user in Sweden, Norway and Denmark will use its technology to doubly verify users by their typing behavior and PIN number.

It’s another way security vendors are trying to come up with new technologies to fight hackers who never tire of finding ways to steal passwords.

Unlike tokens (passwords or smartcards) which can be stolen, behaviour is individualistic, says the company. Its approach can measure typing or swiping of numbers or letters.  BehavioSec says its technology not only can be used on mobile devices, it can also be used on Web sites to combat fraud.

It is developing three products: BehavioAion, wbich monitors keystroke and mouse behaviour in real time after login; BehavioWeb, for consumer verification; and BehavioMobile, for mobile devices.

According to the Forbes report, the company says it reached 99.7 per cent session accuracy when it trialled its technology in conjunction with a pin number for Danske Bank.

On the other hand, the technology isn’t fast: BehavioSec’s algorithms can detect a false user in between 20 to 60 seconds of them picking up a smartphone, the company says. It is working to bring the time down.

Will this be the solution that defeats cyber-crime. Not alone. For one thing, I wonder how the algorithms cope with people like me, who with a backhand occasionally send a mouse flying when the cursor gets in the way of my typing. Or when I smack the keyboard in frustration when a browser freezes.

I suspect a layered approach will always be needed in the near future: a fingerprint swipe plus behavior-based analytics, for example. But if proven the technology will be an option for IT security pros.


Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web