Nowadays, text entry is prevalent in day-to-day applications: unlocking a smartphone, accessing a bank account, chatting with acquaintances, email composition, posting content on a social network, or e-learning. As a means of subject authentication, keystroke dynamics is economical because it can be deployed on commodity hardware and remains transparent to the user. These properties have prompted several companies to capture and analyze keystrokes. The global keystroke biometrics market is projected to grow from $129.8 million dollars (2017 estimate) to $754.9 million by 2025, a rate of up to 25% per year. As an example, Google has recently committed $7 million dollars to fund TypingDNA, a startup company which authenticates people based on their typing behavior.

At the same time, the security challenges that keystroke biometrics promises to solve are constantly evolving and getting more sophisticated every year: identity fraud, account takeover, sending unauthorized emails, and credit card fraud are some examples. These challenges are magnified when dealing with applications that have hundreds of thousands to millions of users. As an example of this, Wikipedia struggles to solve the problem of `edit wars’ that happens when different groups of editors representing opposite opinions undo their changes reciprocally in an attempt to impose their version. Up to 12% of the discussions in Wikipedia are devoted to revert changes and vandalism, suggesting that the Wikipedia criteria to identify and resolve controversial articles is highly contentious. Other applications of keystroke biometric technologies are found in e-learning platforms; student identity fraud and cheating are some challenges that virtual education technologies need to addresss to become a viable alternative to face-to-face education. [source]

The literature on keystroke biometrics is extensive, but to the best of our knowledge, previous systems have only been evaluated with up to several hundred subjects and cannot deal with the recent challenges that massive usage applications are facing, and mainly focused on desktop and fixed-text scenarios only. Therefore, keystroke dynamics can still be considered a biometric modality at the early stages, especially for mobile devices. In fact, mobile devices entail further challenges with respect to desktop ones, such as the unconstrained and non-stationary acquisition conditions, possibly due to the users' activity, body position, emotional state, etc. In this challenge, we consider both desktop and mobile scenario in similar acquisition settings (English sentences of transcript text) to obtain a comparative assessment of the two scenarios.

In the case of the free-text format, the unstructured and sparse nature of the information captured, more frequent typing errors, and differences in between enrolment and verification sessions also lead to a higher intra-subject variability than in the case of the fixed-text one. 

Moreover, keystroke verification systems have evolved (and keep evolving) together with the available technology (deep learning-based classifiers), improving the recognition performance, and a typical issue of the field of keystroke biometrics is the heterogeneity of databases, experimental protocols, and metrics. This challenge will be made ongoing in order to provide a significant, reproducible test bench to the biometric research community.

Moreover, user profiling based on soft-biometric attribute extraction (age, gender) is a very relevant, yet relatively unexplored area for keystroke dynamics recognition.