Future Work

Future Surveys

---

We would recommend various changes to the survey used to gather data.

Firstly, one could determine the significance of different typing platforms on a user’s keystrokes. If our assumption that keystrokes vary from mobile phone to desktop computer is true, users might be required to train a new model for each new platform.

Another feature of keystroke patterns one could test using a modified version of our survey is the relationship between user awareness and keystrokes -- more specifically, do users make ‘more secure’ or ‘less variable’ decisions when typing passwords, if they know that keystrokes are being monitored as a second form of authentication? Given that users will eventually become aware of how their typing rhythms contribute to their password if keystroke dynamics are used in practice, users will likely make conscious changes to the way they type their password.

Furthermore, since we only tested keystroke dynamics against 51 users and used one set password ‘.tie5Roanl’, our survey doesn’t necessarily represent the entire population of users and passwords. To have confidence in our results, we hope that future surveys would collect data from more users and would use a variety of password character combinations.

Future Models

---

To improve the models without additional survey data, one could use computer generated keystrokes as simulated attackers. As our tests only used human attempts which were not attempting to guess another person’s keystrokes, it is possible that the models would not hold up as well against computer generated attacks.

We could further improve and expand our model by testing keystroke patterns variability over time. Our current models are limited to analyzing typing patterns of a user in one typing session. We don’t know if keystroke patterns are static or could shift over time. With future models, we could simulate real life scenarios in which users would use passwords in more than one sitting over time.