We have discussed about Yubikeys, SQRL, and other 2FA that are based on the “something we have” to complement the typical passphrase/pin (“something we know”)
But there is another type of 2FA option, a stealthier one, based on the “something we do”: behavioral biometrics.
Keystroke dynamics measure the timings quirks that we have while typing that are unique to each person. Our hand positions, our speed, the length of our fingers, everything affects and we all have personal identifiable styles.
This would kill two birds with one stone:
- Proof of unique person
- Impossible to use stolen credentials.
This adds an interesting layer of security, although the only weakness here would be a keylogger capturing the timing and movements of the keyboard and the mouse so a hardware solution (“something we have”) such as Yubikeys, would still be needed.
I know of two companies offering this technology: BehavioSec and KeyTrac