About TypingDNA
- Founders: Raul Popa, Cristian Tamaș, Adrian Gheară
- Founded in: 2016
- Employees: 22
- Money raised: $8.8 million
- Ultimate goal: To improve security and ultimately our lives by identifying people by the way they type.
Typing isn’t as anonymous as you may think. The way you type the characters on your keyboard is just like your handwriting. TypingDNA has developed a system to validate the identity of people by the way they type. “Statistics show that we type much more than we talk. Given the recent increases in cyber security breaches related to identity fraud, I think we will see a surge in the use of this type of technology,” comments Raul Popa, CEO and co-founder of TypingDNA in this instalment of Start-up of the day.
How does your solution work?
“At TypingDNA, we’ve developed many technologies that are all based on one core component: typing biometrics – the way people type. Generally speaking, TypingDNA compiles samples of typing behavior and matches them to previous ones by using their own proprietary AI algorithms. This can be done for two-factor authentication (2FA) in the cloud, on a mobile device and on the actual computer to detect identity fraud, as a way to exclude fraudulent accounting or unauthorized access to devices, etc.
Typing biometrics for online authentication works by verifying someone’s identity by the way they type on their keyboard to grant them secure access to online accounts or physical endpoints. This enables remote authentication in the cloud and on the device for employees and for the authentication of students in online learning systems or customer authentication in financial applications.”
Why should this technique be preferred over classical authentication systems?
“First of all, each typing pattern is unique; the way you type a certain text today will be a little different than how you typed the same text yesterday. However, it will vary only slightly, enough for our systems to be able to detect that it is the same person who is typing.
Now, it is important to make the distinction between identification and authentication, and the fact that typing biometrics is part of what’s known as ‘soft biometrics’, which are not capable of proper identification. Personal characteristics like hair color, eye color, and height also belong to the same category. Any one of these alone will not be able to identify an individual. This holds true even if you combine a few of them. With typing biometrics, you get a uniqueness factor of up to 1/10,000, depending on the amount of typing behaviour that has been collected and the level of sensitivity.
That is just as unique as your credit card PIN. Unique enough to verify an identity but not enough to identify an individual person, since many people share the same PIN number. In the same way, a lot of people may type in a similar fashion, but the statistical chance of someone unwittingly typing like you is extremely small. That’s why it works well for certain things (2FA, for example, or fraud detection) but not for others (single-factor authentication, a replacement for passwords).
I think this also says something about how secure the technology is. To sum it up: it is extremely secure but should not be used as a way to replace passwords altogether as it is not completely bulletproof. It certainly has its limitations.”
How widely is this type of solution currently being used?
“Not widely enough. I think that everywhere identity fraud can be committed whenever a user types something, a typing biometrics authentication should be carried out.
I’d say the technology today is used in less than 1/1,000,000 use cases where it ought to be required. It’s like seatbelts before the seatbelt became mandatory. Nobody used them, no car manufacturing company was installing seatbelts at all, with the exception of Volvo, obviously, the company that not only invented seatbelts but made the patents open source, so that all car companies could make them, improving safety for everyone.
Today we can’t imagine the world without seatbelts. We can’t imagine the world without airbags either, although they came a lot later. I would say our technology is more comparable to an airbag because it doesn’t require the user to do anything special. For the most part it works behind the scenes, and it only becomes active if it fails to authenticate the user. This is particularly true for our Continuous Endpoint Authentication solution, which runs on your computer, and learns how you type in a couple of days. Then it locks the computer screen if anyone else starts using it, like an airbag – in a way.”
How did you come up with the idea of this start-up?
“I was obsessed with UX (user experience) and how improving UX could impact the performance of a website, application, store, etc. At the same time, I became very passionate about machine learning, what we more commonly call ‘AI’ today. While researching various AI concepts in the field of pattern recognition, I stumbled upon some work that has been done previously in the field of ‘keystroke dynamics’; often regarded now as ‘typing biometrics’.
I found it fascinating and realized that the existing research didn’t achieve its potential at the time. The proposed algorithms behind it were poor, and it all came down to the way the typing pattern was being recorded and used.
I decided to change that. I’ve seen the potential for this type of technology to become a passive biometric that could protect us all online. A technology deeply embedded in the very fabric of the internet that would enable seamless authentication.”
How difficult was it to secure investment?
“Raising money is tricky, not only for TypingDNA but for any kind of company. Investors give the impression that they are some sort of truth-tellers, able to guess the future of a start-up by talking to its founders and looking at the books, company metrics, and revenue in such detail that they never miss an opportunity. However, nobody talks about how much FOMO actually drives the investment industry, how luck really turns out to be probably the most important factor in the early success of a company, and how revenue-based investments almost always fail to pick the top-performing start-ups.
My point is that it is tough to make smart investments. You rarely know for sure, and if you think you know for sure – based on metrics usually – I can tell you that there are probably 100+ other start-ups trying to do the same thing. Early successful start-ups are always copied and rarely manage to achieve a high market share. Ultimately the best start-ups are the ones that have lots of capital to burn. It may sound cliché, but investors tend to invest in start-ups that other investors invest in. A strategic FOMO that works most of the time.
That being said, the best investors invest in people, not in companies, products, etc., and they invest based on a hunch in which they strongly believe. Our main investors are strong in AI technologies and very founder-friendly. I think we also have a sort of ‘wow factor’; the technology works really well and easily impresses people in a live demo, so there is not so much we need to say as founders to convince investors. Still, we did talk to a lot of investors who said no. It’s part of the game. So yes, it was difficult for us to a certain extent, but I can tell it wasn’t a walk in the park for investors either.”
Where do you see TypingDNA in the coming years?
“Ideally, the technology should be utilized everywhere, embedded in the very fabric of the internet, of our communications. In particular, I think TypingDNA should become a standard in authentication across multiple platforms. That’s why we actually open-sourced our JavaScript typing biometrics recording systems to allow anyone to capture typing patterns in the exact same way for a future where this technology is used everywhere by everyone.”