Image commercially licensed from: Unsplash
In a world that is increasingly reliant on digital technology, maintaining secure and reliable systems for identity verification is a critical challenge. Despite the broad spectrum of solutions available, from biometric systems to two-factor authentication, security breaches and identity theft incidents remain a pervasive concern. Keystroke dynamics, an authentication method that leverages the unique way each individual types, offers a promising solution to these persistent issues.
Keystroke dynamics, also known as typing biometrics, is based on the idea that every individual has a unique way of typing. This technique captures the timing information of keystrokes, such as dwell time (the duration a key is pressed) and flight time (the interval between releasing one key and pressing the next). It then utilizes these measurements to create a profile of the user’s typing pattern, which can be used for subsequent identification or authentication.
Netflix Case Study:
To illustrate the importance and potential of keystroke dynamics, consider the example of Netflix. As a leading streaming service with millions of users worldwide, Netflix needs robust security mechanisms to prevent unauthorized access and protect user data. Beyond an obvious security need, Netflix recently initiated a campaign against password sharing in the U.S. as a measure to bolster its revenues in an increasingly competitive streaming market. While it was known for its friendly stance on account sharing, things took a turn when the company revealed its subscriber loss for the first time in over a decade in April 2022. However, they did recover with the addition of 7.66 million new subscribers in the final quarter of 2022, following the introduction of a more affordable, ad-supported tier. By the first quarter of 2023, they had acquired 1.75 million net new subscribers.
Netflix’s New Password Protocol: The company announced a new password policy which essentially allows only users from the same household (determined via the same internet connection) to access a single account. Exceptions to this would be additional paid users on a Standard or Premium plan. Those who access Netflix using borrowed passwords are prompted to create their own accounts or transfer to a new one.
Netflix plans to enforce this policy by leveraging information such as IP addresses, device IDs, and account activity. They have reassured customers of not using GPS data for this process. Furthermore, Netflix’s solution accommodates user mobility, ensuring users can access their accounts when traveling.
Keystroke dynamics can be a game-changer in such scenarios. By analyzing the typing rhythm of users when they input their usernames and passwords, Netflix could add an extra layer of security that is both unobtrusive and difficult to bypass. Unlike passwords, which can be stolen or guessed, keystroke dynamics are intrinsically unique and difficult to replicate.
In the context of cybersecurity and user privacy, keystroke research has gained significant attention recently. Most of the recent research predominantly concentrates on user authentication. However, in a recent paper by researchers at the Clarkson University, Potsdam, NY, USA, the authors provide a comprehensive solution to the problem of identity verification using keystroke dynamics (Sahu et al., 2022). It is worth noting that although OTT platforms have implemented measures to address password sharing, they have expressed a lack of aggressive enforcement in this regard. However, this approach holds potential in scenarios where multiple authorized users are permitted to access a single account on OTT/streaming platforms, each with their own individual profiles within the same account. Notably, since all users log in with the same password, the proposed approach becomes relevant.
Currently, users are required to log in and manually select their respective profiles to initiate streaming. However, the researcher proposed a method that enables automatic profile selection based on the user’s typing pattern as they enter their password. This serves as an additional security layer, leveraging the user’s password typing pattern to identify and safeguard the platform. The authors have demonstrated that it is possible to effectively identify up to 5 users, achieving an identification accuracy exceeding 92.51%. Importantly, the researchers did not rely on prior knowledge of the number of users or their specific keystroke features. This recognition stems from the understanding that password sharing can serve as a means for potential subscribers to explore the platform and potentially convert into paying subscribers in the future.
This research paper represents a significant advancement in the field of keystroke dynamics and demonstrates the potential of this technology as a secure and user-friendly authentication method. By utilizing deep learning techniques, it is possible to create models that are not only highly accurate but also robust against sophisticated attacks.
One of the authors Dr. Chinmay Sahu explains “While Netflix uses IP and device ID information, the novel keystroke identification method can provide an additional layer of security. This technology can discern users based on their unique typing patterns, potentially allowing the platform to detect unauthorized users even within the same IP or household. This method’s universality means it can be adapted to various platforms, offering a more granulated, user-specific security solution.”
In conclusion, keystroke dynamics represents an innovative approach to identity verification and security. Its ability to provide unobtrusive yet robust authentication makes it a compelling solution for OTT platforms, which must balance the need for stringent security measures with a seamless user experience. Furthermore, advancements in deep learning techniques, as demonstrated by the research of Acien et al., (2021) and novel solutions by Sahu et al., (2023), have the potential to significantly enhance the accuracy and robustness of keystroke dynamics-based systems. As digital technology continues to evolve, it is likely that we will see more widespread adoption of keystroke dynamics in the quest for secure and reliable identity verification.
