Security consultants have launched a browser-based app that they claim can confuse behavioural biometric profiling systems.Keystroke dynamics have been used as a data source for behavioural biometrics. The researchers say randomising the rate at which keyboard events are measured can complicate this identification.Developed by security researchers Paul Moore and Per Thorsheim, the KeyboardPrivacy app is a Chrome extension that the developers say can artificially change your typing speed.Moore notes that behavioural biometrics systems: “monitor how long each key is depressed (dwell time), how long between each key press (gap time), how long to type a known string and hundreds of other metrics”.”If we can skew these statistics enough, it'd be almost impossible to profile and/or identify a user”.Planet Biometrics got a hold of Behaviosec CEO Neil Costigan, who noted that the app doesn't “defeat” a behavioural biometric system because “it doesn't 'break in'”.”This is akin to someone refusing to put their finger on a reader, it doesn't let them gain access”, to any system protected by behavioural biometrics, he said, adding that it also ignores pressure and gesture modalities.Moore writes on his website that Thorsheim (Founder of hacker conference PasswordsCon) had challenged him earlier this month to “defeat the underlying technology [in behavioural biometrics] and protect the user's privacy”.”Over the next few days, I researched the underlying technology and explored ways to nullify such profiling,” said Moore.Costigan said in response to the app's development: “We are delighted that researchers are looking at our technology. We are an academic-based company ourselves and this one of the reasons we are the only firm that has put live proof of concept demos of our system online.””We are more than happy that the system worked as intended”.He added he believes Behaviosec offers a strong consumer protection technology and that Moore's tool, in effect, could “force the consumer to have to deal with more complex solutions that kill the user experience like OTPs or out of band SMSs”.
Recent Articles
- Last chance to get involved in the largest Identity Week Europe in history!
- Apple’s age checks for iPhone and iPad users mandatory in the UK
- Identity Week Team to launch Tech in Gov Europe in 2027
- IOM organises international gathering to discuss digital ID for migrants
- Government ‘Information gateway’ will share public-held data with digital verification services
Recent Video
- Semperis: Operational resilience in Active Directory and Entra ID
- We’re back! The key features of Identity Week Europe 2026!
- How ICMPD is supporting Ukraine’s border resilience during crisis
- Jorrisa Neuterlings on enhancing AI-powered mobile customer journeys
- Will asylum seekers adopt government Digital ID? Netherlands demonstrate a real-world pilot
