Behavioral Biometrics, MFA, Cybersecurity: TypingDNA Blog

The Corporate 2FA Blind Spot: What Happens When Phones Are Banned?

Most corporate MFA policies were designed with one assumption baked in: employees have a smartphone. For a significant portion of the workforce, that assumption is wrong – not because of personal preference, but because of company policy. 1. The Industries Where Phones Are Already Banned This is not a hypothetical. Across several major verticals, personal…

InUncategorized

Using Windows Hello as 2FA for Microsoft Entra? Here’s the Uncomfortable Truth

This article focuses on Windows Hello for Business as used within Microsoft Entra ID (formerly Azure AD) MFA flows. Many of the same principles apply to other desktop-based authentication methods like Okta Fastpass. 1. Windows Hello Is Not 2FA Windows Hello lets users unlock their Windows device using either a biometric (fingerprint or face recognition)…

InUncategorized

YubiKey or Nothing? There’s a Third Option.

Hardware security keys are the gold standard of enterprise 2FA. No serious security professional disputes that. The problem is not the YubiKey’s security properties – it is everything that comes with running them at scale. 1. The Real Cost of Hardware Keys at Scale The operational model for hardware security keys breaks down quickly in…

InUncategorized

Beyond Copy Paste: Detecting Retyped AI Answers With Typing Biometrics

The newest form of “AI cheating” does not look like copy paste. Actually most applications block the ability to paste text to prevent the use of AI. But here is what users do: a student reads text from ChatGPT on a phone/screen, then retypes it into an exam box. No paste. No clipboard. No obvious…

InUncategorized

TypingDNA has been recognized in the Gartner® Hype Cycle™ for Digital Identity

Gartner recognized TypingDNA as a Sample Vendor for the Passive Behavioral Biometrics category in Gartner® Hype Cycle™ for Digital Identity 2025, and Gartner® Hype Cycle™ for Fraud and Financial Crime Prevention 2025. Both reports highlight that passive behavioral analytics is entering the plateau of productivity, which we believe means that the technology is now proven,…

InUncategorized

NIST SP 800-63B Rev 4: SMS OTP is Now a Restricted Authenticator, But We Have the Fix

Update, February 4th 2026: TypingDNA SMS+ just released publicly. Check it out! NIST’s updated Digital Identity Guidelines (SP 800-63B-4) formally classify SMS/PSTN one-time passcodes as a restricted authenticator. This is the first time NIST has created an explicit “restricted” category, which comes with new obligations for any organization that continues to use these methods. While…

InUncategorized

NIST SP 800-63B-4 Introduces “Session Monitoring” See How ActiveLock Delivers It

NIST’s updated Digital Identity Guidelines to Revision 4 (SP 800-63B-4) and added Section 5.3 Session Monitoring (also called continuous authentication). The section recognizes continuous, in-session evaluation of user and device signals to catch fraud after login. When risk is detected, relying parties should coordinate with their identity provider to take action. Typical actions are to…

InUncategorized

TypingDNA on Mobile Phones: Best Practices for Mobile Browser-based Integrations

Typing biometrics behave differently on phones than on laptops/desktops, mainly because users grip the device in many ways and mobile operating systems protect motion sensors. This article explains how to build a reliable mobile experience for browser-based integrations. 1. Major differences between Mobile Browser and Native integrations Question Mobile browser (JavaScript) – RECOMMENDED Native app…

InUncategorized

How to Pick a Great SameText Phrase for Your Custom TypingDNA Integration

When you implement TypingDNA’s Authentication API with the SameText method, you have two ways to capture a typing sample: let users enter any text they like (hoping it is strong enough and that they will reproduce it exactly on future log-ins) or prompt them with a fixed, pre-defined phrase to type. We recommend the fixed…

InUncategorized

BYOD and the risk nobody is talking about

Why leaning on personal phones for MFA is becoming a blind spot – and how TypingDNA Verify 2FA closes it 1. The hidden dependency: personal phones as the second factor Only 15 % of companies still issue a work smartphone; everyone else depends on BYOD or a hybrid model (jumpcloud.com). When security teams roll out…

Find Us

Categories

Blog

The Corporate 2FA Blind Spot: What Happens When Phones Are Banned?

Using Windows Hello as 2FA for Microsoft Entra? Here’s the Uncomfortable Truth

YubiKey or Nothing? There’s a Third Option.

Beyond Copy Paste: Detecting Retyped AI Answers With Typing Biometrics

TypingDNA has been recognized in the Gartner® Hype Cycle™ for Digital Identity

NIST SP 800-63B Rev 4: SMS OTP is Now a Restricted Authenticator, But We Have the Fix

NIST SP 800-63B-4 Introduces “Session Monitoring” See How ActiveLock Delivers It

TypingDNA on Mobile Phones: Best Practices for Mobile Browser-based Integrations

How to Pick a Great SameText Phrase for Your Custom TypingDNA Integration

BYOD and the risk nobody is talking about