Leveraging Variations in Event Sequences in Keystroke-Dynamics Authentication Systems

User names and passwords stubbornly remain the most prevalent authentication mechanism. Password secrecy ensures that only genuine users are granted access. If the secret is breached, impostors gain access too. One method of strengthening password authentication is through keystroke dynamics. Keystroke dynamics algorithms typically restrict the authentication entry to only one valid sequence of keystrokes, although conventional keyboards offer more than one way to enter the same credential. In this paper, we introduce the concept of event sequences. We explore the nature of variations between multiple valid keystroke entry sequences and propose a scheme for effectively representing these variations. Using a locally collected data set, we test the efficacy of the related authentication method in distinguishing users. The experimental results show that the variation in typing sequences are typing-proficiency independent, unlike other conventional keystroke dynamics attributes, such as hold and delay times. We show that these variations contain sufficient discriminatory information to warrant their inclusion into user authentication methods.