How KeyTrac records your typing behavior

Recording your keystroke dynamics while you’re typing into a textbox is an essential part of the KeyTrac keyboard biometrics process.

KeyTrac Timeline

What data gets recorded?

KeyTrac only records the relative dwell and flight time and the keycode of each key while you’re typing in a textbox. To keep passwords secure, we use a special, obfuscated format, which keeps all of your passwords safe.

Do you record all user inputs?

No! The KeyTrac Recorder is explicitly bound to specific input fields and is technically not able to record entries which where made “outside” of these configured textboxes. Other inputs, wherever they may occur, are entirely ignored.

What about the performance?

Users don’t even recognize that the KeyTrac Recorder is working in the background. We’ve done a lot of performance tests, optimizations and enhancements in order to not damage the user experience of your website.

Want to know more about the technology behind KeyTrac?Contact Support

One technology, two operation modes

To enhance the identification performance and to meet your security requirements, KeyTrac offers two specialized modes.

Password Hardening

Add more security to Passwords

The “password hardening” operation mode is intended to be used for enhancing the security of password based authentication. By using this feature, you add an additional, biometrics-based security layer to your application.


AnyText Identification

Identification with any text phrases

The “any text” operation mode is perfectly suited for identifiying users based on the keystroke dynamics while typing changing, dynamic text phrases. This type of recognition is the special feature of AnyText.

The KeyTrac workflow in short

Using KeyTrac and its API follows an easy to grasp [Record → Send → Receive] method which is illustrated below. Let's start now!


Page with Recorder is loaded

The website with the embedded and configured KeyTrac JavaScript Recorder is loaded and is ready for recording.


User is typing into KeyTrac textboxes

KeyTrac Recorder is bound to one or more textboxes and is waiting for user inputs to record keystroke dynamics.

Form Submit

Data is received from your Backend

After submitting the form, all recorded keystroke dynamics gets passed to your backend as form encoded values.

{"user_id":"c9e76e95-413c-4c0a-8ffc-3014d1fbd727", "samples":["generic browser/0.0#m=0#2023-02-08 14:22:54|0dRSHIFT|320d84|48uRSHIFT",...]}

You send the KeyTrac data to our API

Now it’s time to pass the recorded keystroke dynamics and user ID to the KeyTrac API.


KeyTrac algorithm does the work

This is the time where the KeyTrac algorithm matches the submitted keystroke dynamics against the users’ profile.


Match-score is passed back to you

The computed match-score is now passed back to your backend where you’re able to utilize these results.

{ "score": 95, "authenticated": true }
Match Score

Ready in just four simple steps

Integrating KeyTrac into your website respectively your web service might be feasible for any developer. The integration only needs a manageable number of changes in your HTML frontend code and your backend code.


Changes on your HTML Frontend

Integrate the KeyTrac Recorder

In order to record your users' keyboard biometrics, it’s necessary to integrate KeyTrac Recorder's JavaScript into your website's HTML code. After a simple configuration, the recorder is ready to use.


Changes on your backend codebase

Introduce KeyTrac to your code

Before getting started, you need to extend your codebase to be able to transfer and receive data from the KeyTrac API. You need to, at least, incorporate an enrollment and an authentication section for using KeyTrac.


Required for enrollment or authentication

Send recorded data to the API

After implementing the required changes in your code, you’re now able to send the recorded keystroke dynamics to the KeyTrac API. This is required for enrollment and authentication of a user.


Take actions in your backend code

Utilize the API response

Now, your’re almost done. In the authentication case, the API responds with a true/false value and a percentage match-score. Use this boolean value to decide whether to permit or to reject this authentication request.