🔐 About the Project — BehaviorAuth

💡 Inspiration

Traditional authentication systems rely heavily on static credentials like passwords and OTPs.
However, if credentials are leaked or phished, these systems fail to identify who is actually using them.

This inspired us to explore behavioral biometrics — the idea that how a user behaves (typing rhythm, mouse movement) can act as an additional invisible security layer that is extremely hard to replicate.

BehaviorAuth was built to demonstrate how human behavior itself can become an authentication factor, improving security without adding friction for the user.


🛠️ How We Built It

BehaviorAuth is a full-stack authentication system that combines:

  • Password authentication
  • Email OTP verification
  • Behavioral biometrics
  • Device fingerprinting

Frontend

  • Captures typing behavior using keydown and keyup events
  • Captures mouse movement patterns inside input fields only
  • Generates a device fingerprint using FingerprintJS
  • Sends all data securely to the backend

Backend

  • Stores behavioral profiles in MongoDB
  • Compares login-time behavior with registration data
  • Calculates similarity scores
  • Makes authentication decisions based on trust level

🧠 Behavioral Similarity Logic

We analyze multiple behavioral features such as:

  • Average typing speed
  • Key hold duration
  • Typing intervals
  • Mouse movement speed
  • Mouse path distance

Similarity is calculated using normalized difference:

\[ \text{Similarity} = 100 - \left(\frac{|A - B|}{\max(A, B)} \times 100\right) \]

Where:

  • \(A\) = stored behavioral metric
  • \(B\) = current login metric

Typing and mouse similarity scores are combined, and authentication succeeds when:

\[ \frac{\text{TypingScore} + \text{MouseScore}}{2} \geq 70\% \]


🔐 Adaptive Authentication Model

BehaviorAuth follows a risk-based access model:

| Verification Status | Access Level |
|---|---|
| Password + OTP + Biometrics | Full Access |
| Password + OTP (Biometric mismatch) | Limited Access |
| Invalid credentials | Access Denied |

Because a biometric mismatch downgrades access instead of rejecting the login, this approach avoids false rejections while maintaining security.
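
The similarity formula and the access table above, worked through as an added JavaScript example that is not BehaviorAuth's own code. The feature names, the sample values, averaging the features within each group, and treating a failed OTP as invalid credentials are assumptions.

```javascript
// Added example: names, feature keys and sample values are assumptions, not BehaviorAuth code.
const THRESHOLD = 70; // combined-score cut-off stated on the page

// Normalized-difference similarity for one metric, in percent (0..100).
function similarity(a, b) {
  // Missing, non-numeric or negative samples earn no credit (fail closed).
  if (!Number.isFinite(a) || !Number.isFinite(b) || a < 0 || b < 0) return 0;
  const max = Math.max(a, b);
  if (max === 0) return 100; // both zero: identical, and avoids dividing 0 by 0
  return 100 - (Math.abs(a - b) / max) * 100;
}

// Mean similarity over every feature in the stored profile (averaging is an assumption).
// Iterating the stored keys means a feature the client omits scores 0 instead of being skipped.
function groupScore(stored, current) {
  const keys = Object.keys(stored ?? {});
  if (keys.length === 0) return 0;
  const total = keys.reduce((sum, k) => sum + similarity(stored[k], (current ?? {})[k]), 0);
  return total / keys.length;
}

// Risk-based decision from the access table.
// Assumption: a failed OTP counts as invalid credentials.
function decide({ passwordOk, otpOk, stored, current }) {
  if (!passwordOk || !otpOk) return { access: "denied", score: null };
  const typing = groupScore(stored?.typing, current?.typing);
  const mouse = groupScore(stored?.mouse, current?.mouse);
  const score = (typing + mouse) / 2;
  return { access: score >= THRESHOLD ? "full" : "limited", score };
}

// Constructed sample data (not measurements from the project).
const enrolled = {
  typing: { avgSpeed: 5.0, holdMs: 100, intervalMs: 200 },
  mouse: { speed: 0.8, pathPx: 400 },
};
const sameUser = {
  typing: { avgSpeed: 4.5, holdMs: 110, intervalMs: 190 },
  mouse: { speed: 0.72, pathPx: 440 },
};
const otherUser = {
  typing: { avgSpeed: 2.0, holdMs: 180, intervalMs: 450 },
  mouse: { speed: 0.3, pathPx: 1200 },
};

for (const current of [sameUser, otherUser, {}]) {
  console.log(decide({ passwordOk: true, otpOk: true, stored: enrolled, current }));
}
```

Run on the backend against the stored profile only: a score computed in the browser, or a login payload that omits features, should never be able to raise the trust level.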


📚 What We Learned

  • Behavioral data can act as a powerful invisible security layer
  • Authentication does not have to be binary — trust can be graded
  • UX is critical in security systems to maintain user confidence
  • Even simple statistical models can effectively detect anomalies
  • Clean separation between frontend capture and backend verification improves reliability

🚧 Challenges We Faced

  • Avoiding noisy mouse data from full-screen movement
  • Ensuring biometric data resets on failed attempts
  • Balancing security strictness with user convenience
  • Handling OTP failures during demos (solved using demo OTP mode)
  • Designing a UI that feels secure, not intimidating

🚀 Conclusion

BehaviorAuth shows that authentication can go beyond passwords by leveraging how users naturally interact with systems.
By combining traditional credentials with behavioral intelligence, we create a login system that is both secure and user-friendly — suitable for real-world applications like banking, enterprise security, and fraud prevention.
