Biometric Authentication Using Typing Behavior

I’ve been pretty outspoken about my love for biometrics in healthcare. In particular I couldn’t imagine my computer without facial recognition, but I’ve also enjoyed playing around with biometric fingerprint readers and proximity readers too. Sorry, no retina scans yet. Anyone willing to send me one?

Today I came across a new biometric authentication method that recognizes a person’s typing behavior. Techcrunch described it as folows:

It’s a Flash-based interface that compares your typing style against a list of known styles and logs you in based on your individual typing fingerprint. To enroll you simply type a sentence nine times and then the system senses the pauses, mistakes, and speed of your hunting and pecking. Obviously, this doesn’t work if you have a broken hand or, presumably, you’re under duress so it’s fairly hard to crack a system using physical coercion. A cool way to add biometrics to web-based forms.

They have a test on their site, but the registration process seemed a bit onerous. Haven’t they realized the first key to a website is to let me test the product with no registration. Then, let me register when I like it? Maybe if I have some free time later I’ll register and try it out.

I wonder if something like this could merge with the OpenID movement and make this one other method of authenticating yourself to an open id enabled site. Could be pretty interesting I think.

About the author

John Lynn

John Lynn

John Lynn is the Founder of, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • Greetings:

    There is a wonderful solution for HiPAA-compliant authentication, SecureAuth from MultiFactor. It’s 2-way authenticaiton – thus assuring both client and server identification. (Handwriting authentication – as detailed, is unilateral authentication – only authenticating the user – the server can be “phished” – with a MITM, “man-in-the-middle-attack”. )

    SecureAuth also can become the authentication mechanism for an OpenID identity provider.

    Very interesting in any follow-up articles on what the new government health care mandates will impose on health care providers. (E.G., like FFIEC for financials and PCI for credit processors) Please keep writing!

  • I still prefer facial recognition as my favorite biometric authentication.

    I’m not sure about your solution since I’ve never used it, but I can tell at first look that most small or group practices aren’t going to have the IT support or desire to implement a solution as complex as yours. Might be worth a look if you’re a hospital.

  • Sure. We have deployments with under 100 users. Of course, for the hosted sites where the hosting service deploys a SecureAuth server – we have user groups with as littler as 2 and 3 users. (Enterprise utilizing Google Apps have been attracted to SecureAuth’s simple integration – very interested to see the adoption of Google Health.)

    THe real question, at least for me is, what level (2-factor?) of authentication will be mandatated by those involved in HITECH auditing?

  • Garret,
    I’m guessing that the HITECH act won’t mandate 2 factor authentication at all. I think the purpose of the $18 billion is to implement EHR and get clinical data from the EHR. So, I’m guessing you’ll see no impact there other than increased EHR adoption which means more potential customers I guess.

    What is something for you to consider is that I’ve read about some parts of the HITECH act which were written to help enforce HIPAA more than it has in the past. If this becomes true, then many groups may fear enforcement of HIPAA and 2 factor authentication. Time will tell on this one.

Click here to post a comment