TypingDNA has been recognized as a Sample Vendor in Gartner® Hype Cycle™ for Digital Identity, 2024 and Gartner® Hype Cycle™ for Financial Crime, 2024. Learn more

TypingDNA ActiveLock
User Guide

What is TypingDNA ActiveLock?

Learn more about ActiveLock

How does the new ActiveLock 3.5 "Fortress" work?

Modeled after a medieval fortress with dual layers of defense (inner and outer walls), ActiveLock 3.5 codenamed “Fortress” features two layers of security aimed at effectively barring unauthorized access.

With the newly introduced layer for rapid detection, ActiveLock 3.5 Fortress responds in half the time of its predecessor, ensuring that virtually no unauthorized user can undertake substantial tasks on a protected computer without being locked out.

  • First layer of defence/Quick detection
    The first security layer employs short typing behavior authentication (around 50 characters) and mouse authentication to swiftly detect potential intruders. Typically, this detection leads to a step-up confirmation, such as immediate face authentication if available, or wait for a follow-up typing-based authentication. Once the security criteria within the application's settings are met, the system is authorized to lock the computer screen.

  • Second layer of defence
    The secondary layer essentially incorporates the established ActiveLock technology. It monitors typing patterns over a range of 150 to 500 characters and offers greater accuracy than the initial layer. Although this layer usually remains inactive because it responds slower, it serves as a backup mechanism to ensure all impostors are ultimately prevented from accessing the system.

Thanks to the app dual layer of defence the average impostor detection window has decreased from 150-250 chars to 50-150 in version 3.5, consistently being able to detect intruders under 100 chars.

What are the terms of the Trial license?

The Trial license is a free, limited time license that allows you to evaluate the product for 30 days. To get a Trial license please contact us.

Training mode

In the first few days after installing ActiveLock, the app will run in training mode as it learns your typing style and other initial information (such as your face biometrics and mouse movement). It is very important that you are the only person typing during this training time (roughly 2000 to 5000 words). Once the initial training is completed, the app will switch automatically to active mode and will be armed.

To see the app status find ActiveLock icon in the icon tray space (a lock + keyboard icon) and right-click on it. This will also allow you to access the app's menu and modify its settings.

Manual training when adding a new keyboard, mouse, or camera

Once initial training has completed, it automatically switches to “Training: Auto”, meaning that as you continue to use the computer, future biometric samples will be enrolled automatically, and the app will become better at recognizing you.

However, whenever you start using a new keyboard, mouse, or camera; depending on the security setting you are on, the app may react to new samples in a more sensitive way (for the “More secure” setting) or may become more tolerant (for ”Balanced” or “Less restrictive” settings). Therefore we recommend if possible whenever you plan to add a new keyboard, mouse or camera to your system, to also change the training mode from Auto to On. This setting will remain On until the next computer reset, or until you turn the training mode back on Auto.

Additionally, if your security setting is on “Balanced” at this time, the app becomes a little more tolerant, pausing the Quick detection system until the new keyboard is better known.

Active mode

After the app switches to “Active mode”, ActiveLock will detect unauthorized users in real-time. In most cases, it takes less than 100 typed characters for the app to detect a non-genuine user. If ActiveLock can't authenticate the user, it will take instant action to lock your device's screen or send a silent alert. However, it will take a few weeks until the app recognizes the genuine user best. Within this time, it is normal for some false rejects to happen, especially if the user types in a non-natural way, or extremely slow for longer periods. At any time, if you experience a higher than comfortable false rejection rate, you can turn training on or switch to a lower security setting.

Security Level

ActiveLock comes with 3 distinct security levels, optimized for the most important scenarios:

  • More secure
    Optimized to quickly lock the screen whenever it detects a potential attack/non-genuine user. This security setting is mostly valuable for traveling situations, when highly sensitive data is made available on a particular machine, and anytime a potential intruder is expected. Unfortunately, this higher security setting comes with a larger false rejection possibility.

  • Balanced (Recommended for most use cases)
    A smart, optimized security setting for best overall user experience & performance. Recommended for all corporate users to reduce potential harm from unauthorized people accessing an employee's computer for longer periods of time. This setting comes with a reduced false rejection rate.

  • Less restrictive
    Optimized for maximum tolerance, this setting comes with the lowest false reject rate. It is designed primarily to prevent employees from enabling unauthorized users to conduct significant work, and operate corporate computers on their behalf.

Other available settings:

  • Lock Screen (On/Off)
    Enables screen locking when an intruder is detected. Disable this to only log incidents without locking, useful for silent monitoring in enterprise settings.

  • Alert (On/Off)
    Off by default, it activates visual alerts, confirming the app functions correctly during tests.

  • Face Verify (On/Off)
    Enables facial recognition for enhanced authentication. Ideal for balanced security settings, it minimizes false rejections and improves impostor detection speed.

  • Mouse Verify (On/Off)
    Less precise than other methods, but vital when there's no keyboard activity. If enabled, a failed mouse verification leads to additional authentication steps (usually a face authentication step).

Is my data secure?

We take your privacy seriously. Running in the background, our AI-based technology analyzes your typing patterns and other biometric data right on your device, locally, so your biometric data doesn't leave your computer.

ActiveLock uses the following types of data:

  • Typing behavior (by verifying so called “typing patterns” against previously recorded ones)
  • Mouse movement behavior (optional, by using “mouse patterns”)
  • Face biometrics (optional, by using face data from system's available cameras)

Download & Install

Please follow the download link sent to your email from TypingDNA, and choose the operating system you want to install ActiveLock on.

Windows:

  • Open the installation file you have downloaded and follow the instructions in the setup wizard

  • When prompted with the following message, click “More info” and then click on “Run anyway”

MacOS:

  • Open the installation package you have downloaded and follow the instructions in the wizard

  • Once installed, you will be prompted to grant System Permissions

  • Click “Open System Preferences” and go to the “Privacy” tab

  • Go to “Accessibility” and mark the checkbox next to TypingDNA ActiveLock

How to reset my training?

In the event of significant hand injuries, or for any other reason, the entire training can be reset. To do this go to the app menu > Settings > Training > Reset. You can also opt to only reset face biometrics instead from app menu > Settings > Training > Reset face biometrics. This option can be useful if your face appearance has changed significantly.

Where can I find the log files?

The application is installed at a system level and the logs are kept at the user level. If the machine is used by multiple users, each user will have a unique typing behavior associated with them.

The logs can be found in the following locations:

  • Windows:
    C:\Users\{username}\AppData\Roaming\TypingDNAActiveLock\logs\activelog.log

  • Mac:
    ~/Library/Logs/TypingDNAActiveLock

ActiveLock incorrectly identified me as an impostor

The unlikely event when a genuine user is misidentified as an impostor (resulting in a false reject) may be caused by one of the following situations.

  • The typing pattern of a user has changed drastically due to an injury. The best course of action is to reset the training.

  • A temporary change in the typing behavior such as holding a mobile phone with one hand and typing with the other one for long periods of time.

  • Performing tasks/actions that have not been seen during the training period such as playing video games, typing in a very different language, at extreme speeds, or on a significantly different keyboard. One option to resolve these issues is to downgrade the security level. If this behavior continues, please reset the training and make sure to use all desired languages, speeds, and keyboards during the training.

If you have any questions please contact us at support@typingdna.com.

ActiveLock features
Pro version
Enterprise version

Lock Screen

Locks the screen when ActiveLock detects a non-authorized user. Once locked, you will be able to log back in IF you are the right user.

Alert

Opens a system alert along/instead of locking the computer.

Logs

Saves computer usage and continuous authentication data on the system in a .log file. The log contains information such as: computer name, absolute time, keyboard id, keyboard type, mouse id, application name, typing pattern characteristics (e.g. speed), training strength, authentication score, authentication result, action. The logs do not contain the actual text being type, nor the typing pattern or biometrics data.

Training

Training is set on AUTO right after installation but we also offer possibilities to manually adjust training. Once initial training is done, the app continues to train and becomes significantly better with time. On special occasions you may want to manually reset training (e.g. you break your arm, switch to a very different type of keyboard), for which we’ve built the Reset training feature.

Aggregate Logs

Aggregate the logs from each endpoint to your desired logging platform from where you can monitor each computer usage and authenticity in real time. We recommend Datadog or Grafana as a reliable log aggregation system, from which you can further communicate to your desired SIEM, data analytics or threat detection platforms.

Terminal Commands

Install and control the app through terminal commands. We’re currently working on adding more capabilities for terminal/powershell access. This is useful to be able to control the app remotely when running on many computers within an organization.