Keystroke authentication & monitoring | Ava Reveal

You’re in a hurry, out of the office, or collaborating on a project with a colleague. In many cases, the idea of sharing your credentials for a computer or account doesn’t seem that big of a deal. It’s the easiest way to provide access to your account when someone needs to see your data. A recent survey by SurveyMonkey found that an astonishing 34% of respondents said they share passwords or accounts with their colleagues. If the other person has the same level of access as you, it doesn’t seem harmful to let them use your account. However, there are several reasons why sharing credentials put yourself and your organization at tremendous risk.

You may have impeccable password security habits, using a password manager to keep track of the passwords you have randomly generated for each of your accounts. The risk to your organization of your password being compromised is low. If you share your password with someone else, there is no guarantee that person can keep it safe. By sharing your password, you lose control of how it is stored. Maybe your colleague writes it down and leaves it next to their desk, or they store it on a compromised device. It’s likely the person you have trusted with your password doesn’t mean to compromise your account. Still, they may not have considered the wider implications of the account getting compromised, and as a result, not taken the necessary steps to secure it.

In addition to improper storage of passwords, it also becomes increasingly hard to establish who is doing what when you share credentials — cybersecurity teams audit important and anomalous activity on systems. Under normal circumstances, if an individual alters sensitive company data or falls foul of a phishing attack, the cyber team can identify the user through their account credentials and take steps to rectify the problem. However, if many people all share a common login, the process of attributing activity becomes unnecessarily complicated. In most cases, time is of the essence when determining the cause and scope of a cyber incident. By complicating this process, you increase the risk to the organization.

Perhaps the most critical risk of shared credentials is the loss of access control. When you’re working with a colleague, you may have the same level of access, and legitimately view the same resources as them. In this situation, sharing credentials so a colleague can do their job may seem logical. However, even if you share the same level of access now, this might not remain the case. When employees leave an organization, their accounts are locked to protect corporate information. When there are shared credentials, this can’t be guaranteed, potentially resulting in disgruntled employees maintaining access to the corporate system. Promotions and changes in job roles also have unintended consequences when you have shared credentials, with colleagues gaining access to resources outside their job role.

Password sharing carries a considerable risk for your organization. According to the Verizon Data Breach Investigations Report, 81% of hacking-related breaches make use of stolen or weak passwords. Shared passwords make it easier for multiple systems to become compromised through a single account. Imagine a hacker discovering a document of shared passwords in one employee’s account; this quickly grants them access to other parts of the network, turning a single security incident into a major breach.

Multi-factor authentication means relying on more than just a password to access an account. When used for access management, it makes credential sharing much harder and often infeasible. Typically, multi-factor authentication means using a smartcard, random code generator, or other physical device as part of the login process. The Reveal Agent takes this concept one step further and provides continuous authentication by profiling a user’s typing behavior.

The Agent uses machine learning to recognize each user’s typing patterns by analyzing keystroke dynamics. Rather than relying on what a user types, the unique way an individual presses and holds a key or combination of keys on the keyboard is used to learn how they type. Once the typing patterns of a user have been established, they are associated with a set of login credentials. The Agent then analyses and verifies any future typing to detect unknown users of the account.

Ava Reveal collates each user’s typing patterns, making them available across the organization’s whole infrastructure. Through this central repository machines that have never been used by a user before can still identify significant differences in a user’s typing pattern, allowing the detection of unauthorized credential use. In hacking-related breaches where compromised credentials are used to gain access to a large number of assets on the network, this type of infrastructure wide authentication is invaluable.