Secure your small business:
Apps → Data →

Behavioral Biometrics

Behavioral Biometrics History, Applications, and Technology

What is behavioral biometrics?

2017 marked an all-time high for global cyberattacks, with nearly 160,000 incidents reported—almost double the 2016 count of 82,000.1 This trend shows no signs of slowing. By 2021, costs related to cybercrimes such as identity theft will reach a staggering $6 trillion annually.2

In today’s world of increasingly sophisticated cyberattacks, traditional authentication methods—including multi-factor methods that rely on SMS, mobile identity, or authenticator apps—are not strong enough. Organizations increasingly need state-of-the-art cybersecurity measures that provide persistent, adaptive authentication while simultaneously reducing expensive administrative headaches and end-user friction.

Enter behavioral biometrics.

Behavioral Biometrics Defined

Behavioral biometrics is an evolving technology that authenticates users based on patterns in their behavior. It identifies unique, individual regularities in the ways that people type and move, rather than identifying parts of their bodies (fingerprints or irises), things that they have (key fobs or phones), or things that they know (passwords or biographical details).

Unlike traditional authentication methods, which authenticate only when access is initiated, behavioral biometrics technologies authenticate continuously, evaluating a user’s ongoing interaction with their computer in real time.

How it works

Passwords, personal data, and key fobs are easily stolen—but it’s far less easy to “steal” the unique micro-variations in an individual’s movements.

Every person behaves in a completely individual way. The gait with which someone walks, the fluctuations in vocal tone as they speak, and the cadence with which they type are as unique as fingerprints—but are much harder for malicious actors to capture, much less duplicate. Behavioral biometrics uses these patterns to authenticate users and protect data.

Plurilock’s behavioral biometric tools run on the computer systems connected to an organization’s data. Each user with valid access automatically generates a behavioral profile that reflects the distinct ways in which he or she interacts with critical systems—gestures such as keystrokes, and mouse movements.

Once a user’s profile is learned, their gestures are monitored silently, in real time, to continuously authenticate identity. If behavioral patterns that don’t match the profile occur, the system can immediately prompt for other forms of authentication, block access, or lock the device down entirely.

At present, behavioral biometrics is best seen as a powerful, non-overlapping addition to other forms of authentication. In the future, as behavioral biometrics matures, it will likely replace other authentication methods entirely.3

Behavioral Biometrics: Chapter 1


Though the field of behavioral biometrics continues to evolve, three basic types of behavioral biometric data can already be identified: kinesthetics (body movements), vocal patterns, and device-based gestures.

Behavioral Biometrics: Body/Gait

Body Movements

Posture: The unique properties of an individual’s body position and weight distribution while standing or while seated.

Gait: An individual’s unique walking style, including characteristic movements made while in motion: stride length, upper body posture, and speed of travel relative to these.

Behavioral Biometrics: Voice Recognition

Voice Inputs

Vocal Patterns: The unique, regular variations in sound that occur as a user speaks or vocalizes.

Behavioral Biometrics: Device

Device-Based Gestures

Keystroke Dynamics: Typing patterns that vary uniquely from user to user. These include a combination of keystroke speed, keystroke duration, variations in these for particular key sequences, and characteristic patterns that occur when typing common groups of keystrokes such as words or control sequences.

Cursor Movement: Unique patterns in mouse or trackpad cursor movement including paths, tracking speed, direction changes, clicks, and the relationships between these.


Behavioral biometrics tools differ in key ways from less secure physiological (body-based) biometrics tools.


Physiological biometrics relies on the structures of the body for identification—for example, on fingerprints, on facial dimensions, or on the parts of the eye. Though these structures make each individual body unique, they are static, which leaves them more vulnerable to being scanned or photographed, then reconstructed for malicious use.
Behavioral Biometrics: Physiological Biometrics
Biometric Authentication


Behavioral biometrics identifies patterns in the ways that particular bodies perform particular tasks—patterns in walking, speaking, typing, or even mouse behavior. These patterns are prohibitively difficult to capture and replicate, and they evolve over time.

Behavioral biometrics tools profile these patterns, then evolve with the user. They leverage powerful statistical models and machine learning to spot the differences between a known user’s gradual evolution and the unwanted presence of an entirely different user.

Use Cases

Behavioral Biometrics tools are suited to a wide variety of authentication and access management tasks, most notably in healthcare, critical infrastructure, financial services, and other high-security environments. Behavioral biometrics can prevent or mitigate against:

Behavioral Biometrics: Stolen Credentials

Stolen Credentials

No matter what countermeasures are in place, login credentials are periodically stolen or compromised. This endangers systems, data, and entire infrastructures. Behavioral biometrics can be used to ensure that the person attempting to use a system has been legitimately granted access to it.

Behavioral Biometrics: Account Sharing

Password/Account sharing

The informal sharing of named accounts is a common security risk. Best-in-class behavioral biometrics technologies can differentiate between intended users and everyone else—even as login credentials are being entered—and block authentication accordingly.

Behavioral Biometrics: User Substitution

User Substitution

Ad-hoc substitution of one user for another, without prior knowledge or consent, is both common and risky, particularly in outsourced environments. Behavioral biometrics algorithms can ensure that the person actually using a system is the person presumed to be using it.

Behavioral Biometrics: Insider Threat

Insider Threats

Oversights in privileged access management can give rise to internal threats—users whose access to some systems inadvertently results in access to others. Behavioral biometrics can ensure that the actual moment-by-moment use of any system is carried out only by intended users.

Behavioral Biometrics: Remote Access Trojan

Remote Access Trojans

Whether a workstation is locally or remotely accessed, behavioral biometrics can check all use against authorized biometric profiles, immediately blocking use by unknown actors.

Behavioral Biometrics: Icon-USB-Attack

USB / Rubber Ducky Attacks

USB-based attacks commonly rely on rapid, automated data entry simulating keyboard or mouse use. Whatever the human user's understanding of or reaction to the attack, behavioral biometric tools are not fooled; they can immediately note the change in input patterns and block further input.

Behavioral Biometrics: Phishing

Phishing Attacks

Though behavioral biometrics can’t stop a user from clicking on malicious links or supplying sensitive data to malicious actors, it can rapidly detect intruders that use phishing data to access and act on a secured system—no matter what they attempt to do once logged in.

Behavioral Biometrics: Attribution

Uncertain Attribution

If attacks or breaches occur, behavioral biometrics can be used to identify internal participants in them. The biometric signature of the actions taken can be compared against known user profiles, identifying the culprit(s) using the nuances of their keyboard or mouse behavior.

Behavioral Biometrics: User Carelessness

User Carelessness

Even the most conscientious users may inadvertently leave workstations unattended or unlocked before stepping away. Behavioral biometrics can identify the arrival of a new, unauthorized user rapidly—even at an unlocked workstation—and take appropriate measures.

Behavioral Biometrics: License Management

License Mismanagement

The illicit sharing of per-seat licenses is both common and a liability risk for many large organizations. Behavioral biometrics can ensure that licensing practices are sound and only named users make use of licensed products and services.

Behavioral Biometrics: Fraud

Identity Fraud

Financial services organizations, health care organizations, or others that provide services to end-users can rapidly profile each user's behavior and stop malicious attempts to access data or services with stolen user credentials.

Behavioral Biometrics: Invisible MFA

Passive, Pervasive MFA

Passive and pervasive by design, behavioral biometrics is a completely invisible link in the authentication chain. Behavioral biometrics is transparent and frictionless; until threats arise, users don’t even know it’s there.

Behavioral Biometrics: Compliance

High Regulatory Compliance

Behavioral biometrics tools enable organizations to meet key portions of the increasingly stringent cybersecurity standards and regulations set forth by NIST 800-171, ISO 27001, HIPAA, FINRA, and FISMA.

  1. Online Trust Alliance: Cyber Incident & Breach Trends Report. Review and analysis of 2017 cyber incidents, trends and key issues to address. Retrieved June 12, 2018 from:
  2. CyberSecurity Ventures: Cybercrime Damages $6 Trillion By 2021. Retrieved June 12, 2018 from:
  3. National Institute of Standards and Technology. July 2018. Digital Identity Guidelines Authentication and Lifecycle Management.
  4. >Kaczmarek, T., Ozturk, E., and Tsudik, G. 2017. Assentication: User Deauthentication and Lunchtime Attack Mitigation with Seated Posture Biometric.

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.