This article was published on March 15, 2018

This Chrome extension enables two-factor authentication logins by watching you type


This Chrome extension enables two-factor authentication logins by watching you type

Two-factor authentication is a great way to protect your online accounts, but it can be a tad cumbersome: you need to have your phone handy so you can either receive a one-time password via SMS (which frequently fails me), or set up an app like Google Authenticator to generate codes offline.

The folks at New York-based startup TypingDNA have come up with a way to make that a lot easier, and it’s one of the most interesting ideas in biometrics I’ve heard of in a while – and it now works as a two-factor authentication tool right in your browser.

Essentially, its service recognizes your typing pattern, which the company tells TechCrunch is unique to each individual. TypingDNA measures how long it takes you to reach a key, and how long you keep the key pressed down; this pattern is then associated with a user’s account.

TypingDNA watches you type to identify your unique pattern before logging you in
TypingDNA watches you type to identify your unique pattern before logging you in

The extension has you type in your username and password (you’ll need one for each computer you use), and log you in only if your typing pattern matches up to the original. That means that if someone else nabs your credentials, they still won’t be able to log into your account on that computer.

Once you’re logged in, you can set up 2FA for a variety of popular services with TypingDNA (over 1,000 sites are supported, including Gmail,Facebook, Twitter, Reddit, Amazon, Dropbox, GitHub, and DigitalOcean), and the extension will surface the necessary codes when you need to access any of those sites – no phone necessary.

Here's me logging into Buffer with 2FA
Here’s me logging into Buffer with 2FA

To set up 2FA for a site, log into TypingDNA first, and then follow your chosen site’s instructions and opt to generate a QR code that you’d normally scan with your phone in Google Authenticator or Authy. Then, click the TypingDNA extension button and you’ll be able to grab that QR code with one click.

From then on, clicking the TypingDNA button will display the 2FA codes you’ll need to log in to your sites of choice – and you can fill in the codes with a click, too.

I tried the extension myself and found it to work pretty well; even if I slowed down or misspelled my email address or password, it was still able to recognize me correctly. To spoof it, I tried switching from my mechanical keyboard to my laptop’s membrane keyboard, and deliberately took my time with each key. That left me locked out, even with the correct credentials.

You’re right to be skeptical, and it’ll probably take a few weeks of use before one can say for certain that TypingDNA works well for them. If you aren’t convinced, you can try a demo here. The company also notes that your chances of being mistakenly rejected when you attempt to login will decrease as you use the extension more often.

For now, it seems like a compelling alternative to whipping out your phone every time you need to log in to a site securely. Grab the extension for Chrome (it’ll also work in Opera after you first install this extension) from this page.

The Next Web’s 2018 conference is just a few months away, and it’ll be ??. Find out all about our tracks here.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with