Implicit Authentication for Mobile Devices Using Typing Behavior

An attacker that compromises the unlock mechanism of a mobile device can fundamentally use the device as if it were their own, with access to a large portion of the user’s sensitive data and communications. We propose a secondary implicit authentication scheme which monitors typing behavior to detect unauthorized use and lock down the mobile device. We build a basic implementation of our scheme on the Android operating system. Our user studies on the implementation show that we can achieve an accuracy of up to 97 % identifying one user out of a set of fifteen, with an FAR of \(<3\,\%\) and an FRR of \(<.5\,\%\).