Typing biometrics implemented for email account takeover protection by GreatHorn
Cloud email security provider GreatHorn has introduced a biometric-based account takeover solution to its email security platform that analyzes user typing patterns for authentication with least possible disruption to prevent takeover attempts, the company announced.
Dubbed Account Takeover Protection, the solution leverages a mix of data science, machine learning and technical analysis with human context. It provides passwordless authentication from a single factor to deliver a frictionless email workflow.
Cloud account compromise is often identified only after the damage has been done. Although multi-factor authentication has been reported effective, not all customers activate it. GreatHorn claims that its Account Takeover Protection detects compromised accounts without affecting user experience.
The solution was built on GreatHorn Reporter, a client-side plug-in, and uses machine learning to identify typing patterns on desktop and mobile devices. Once authorized, it uses a pre-determined trigger such as frequency, time delay, or communication pattern anomalies for reauthentication. It allows administrators to use failed attempts to configure actions for faster incident response.
Multi-factor authentication can be bypassed with attacks such as social engineering and phishing attacks, among others, the company points out in the press release. Compromised accounts can put company documents at risk, but they can also be used in impersonation attacks or to gain access to business-critical systems.
“Most email solutions rely on binary or perimeter-based analysis to prevent email attacks, but these methods fail to identify when a legitimate account has been compromised,” said Kevin O’Brien, co-founder and CEO, GreatHorn. “Our Account Takeover solution uses proprietary, best-in-class keystroke analysis to match typing patterns as a unique identifier. Your typing pattern is unique to you and extremely difficult to replicate, making it highly accurate and nearly impossible to circumvent. And because the action of typing is a part of a user’s everyday workflow, it allows for periodic validation with minimal disruption.”
The solution is available in beta and will be demonstrated at RSA Conference 2020.
TypingDNA, which provides typing biometrics for desktop computers and mobile devices, is also demonstrating its technology at RSA.