Abstract or Summary:
The deficiencies of traditional password-based access systems have become more acute as these systems have grown in size and scope. Researchers are actively investigating ways to improve the security of password systems or offer replacements. One category of improvements uses keystroke biometrics, an approach which seeks to identify an individual by their typing characteristics. Since 1980, a number of techniques have been proposed for accurately harnessing keystroke dynamics for system authentication and other novel uses. But do these systems deliver on their promise to increase system security and simultaneously ease the burden of logging into systems and remembering passwords? And do databases of users' keystroke profiles present additional privacy concerns? In the following article, the authors address these issues while surveying the last quarter-century's developments, comparing results from the field with both well-known and newly proposed metrics, and examining potential roadblocks to widespread implementation of keystroke biometrics.