Inspiration

Security! Security!! Security!!!

Hi, my name is Esedo Fredrick C. I am just a Web/Software Developer who loves security so much. I came across TypingDNA biometrics and I felt it's awesome and fantastic to bring it to QuickBase.

Moving with the latest security on board, I introduce frictionless biometric authentication powered by TypingDNA (https://www.typingdna.com/) to QuickBase.

See the news link below on how ForgeRock and a US retail chain's POS deployed TypingDNA for login security respectively.

https://www.biometricupdate.com/202009/typingdnas-biometric-mfa-deployed-to-us-retail-chains-pos-for-login-security

Organizations, companies, businesses, etc. are all trying their best to ensure that their data and information are secured wherever they may be. Many web and software applications have experienced hacking attempts such as phishing attacks, session fixation attacks, session hijacking, spam-bot attacks, brute-force attacks on login pages, and so on.

In the case of the aforementioned attacks,

1.) The trial security approach commonly used was to implement login attempt limits.

This means a user will have only a limited number of chances to enter the right credentials, such as 2 or 3 attempts. After this, they will need to use the 'forgot password' option. This option has serious limitations because an attacker can still brute-force the Admin/Users login credentials, thereby creating online unrest for the users.

2.) Biometric Authentication Options:

Relying on biometric authentication options is very costly and, to a very big extent, not effective. E.g. biometric factors like iris, voice, eye and fingerprint scanning, etc. can also be lost due to accidents.

3.) SMS Multi-Factor Authentication: SMS 2-way factor authentication may look promising but also has its own downsides, listed below.

A.) Most of the time, the SMS authentication code sent by the authenticating website can be put in a queue by the SMS provider. This delays the arrival of the SMS code on the end user's mobile device, and a single mistake/failure in the SMS code authentication might lock the user out of the system.

B.) Some sites still run under http as opposed to https, and thus the SMS authentication code can still be spoofed by a man-in-the-middle attack.

C.) Another issue with 2-way SMS factor authentication is that it depends on delivery of the authenticating code to mobile devices only. If your mobile device is stolen or damaged by water, you are finished. With a stolen or damaged phone, you won't be able to get the SMS code on your mobile phone as a second authentication factor.

D.) SMS authentication limits one to mobile devices only. It simply means that if your phone is not charged, you are in trouble. Without a phone there is no authentication and no access for users.

While account recovery is possible, it's likely to be time-consuming and to some extent difficult.

E.) SMS authentication increases monotony in the work tasks of support departments: on a daily basis many customers complain that either they could not get their SMS authentication code on their mobile devices on time or that they are out of SMS coverage and thus cannot log in to access their data when needed. This in turn causes too many help requests to flood the various support departments.

Introducing TypingDNA as a game changer

TypingDNA is a frictionless biometric authentication that identifies users based on the way they type something on/with a keyboard.
TypingDNA monitors and records only your typing behavior and not what you typed.

Some of the benefits of TypingDNA:

1.) Intrusion Detection and Prevention: All TypingDNA typing patterns are highly secured and encrypted as data moves over http or https. A website that uses http has nothing to fear from any hacker eavesdropping on its login data while the data is in transit; thus the man-in-the-middle attack is rendered obsolete by the encrypted typing pattern powered by TypingDNA.

2.) Multiple Device Access: SMS authentication limits users to mobile devices only, but with TypingDNA one can use any digital device, ranging from phones and laptops to palmtops and desktop computers. This simply means that if you enroll your typing pattern with a phone, a desktop, etc., then you have a double chance of authentication and access. If someone's phone is stolen or damaged, it is no problem, as TypingDNA can allow you access via desktops, palmtops, laptops, etc.

3.) SMS Coverage Setup Mitigation: With TypingDNA there is no need to set up any costly SMS gateways and no need to worry about SMS coverage issues. Once you have an Internet connection and any digital device with you, you are good to go.

4.) Drastic Reduction in Monotonous Work Flooding Site Support Departments: Many of the problems we have with web applications are about numerous users complaining that their accounts are being attacked, hit by spam-bots, or brute-forced. This causes a lot of help requests to flood the site admin.

With TypingDNA, a user's account is highly secured because what the user typed is not noted; what is recorded is how the word is typed. Since everyone has a unique typing pattern, this will render scavenging spambots, hackers or any brute-force attack 100% obsolete, and the various site support departments can never be flooded or overwhelmed with complaints arising from attacks on their clients'/users' accounts.

5.) Easy integration into any website/application, such as banking systems, voting systems, school attendance systems, online examination systems, e-commerce, etc., to help prevent attacks, fraud and unauthorized access to real users' accounts.

6.) Spam-bot Killer: TypingDNA renders every spambot ineffective. Spambots work by either dynamically filling in form inputs or by making requests directly over http/https.

TypingDNA carries out this security role by ensuring that the user must type the enrollment data (typing pattern) with their hands for the data to be processed. This makes it extremely difficult for spambots to succeed. Consequently, this protection gives every site admin full assurance that data sent to their end is submitted by humans and not by automated bots.

What it Does & How to Test it

Our application leverages the power of Quickbase and TypingDNA to build a secured voting system for teams, businesses, schools, elections, etc.

To test the app, you will need to register and then log in.

1.) When you register for voting, the application will direct you to the TypingDNA enrollment form, where you type your email address by hand so that the typing pattern for your email can be processed and sent to TypingDNA.

Since the TypingDNA API call in our sample application requires 2 major parameters, Email and a UserID, we hashed the user's registered email address using PHP's built-in password hash algorithm and used it as the user's UserID for TypingDNA.

Both your registration data and the hashed email and password are saved to QuickBase via a JSON API call.

2.) To log in and vote: once you successfully log in, the application will redirect you to the TypingDNA verification page, where you will need to confirm that it was you who logged in.

You will see that the voting system is protected by TypingDNA, and you will receive a warning that you need to be verified by TypingDNA before being allowed into the voting system, even if you have successfully logged in before.

Once you are on the TypingDNA verification form, you will have to type the same email address you used for registration, following the same typing pattern. TypingDNA identifies the real user based only on their typing behavior, so copying and pasting the email address will trigger an error.

Once successfully verified, you can vote for the candidate of your choice, just once per candidate.

All data is processed programmatically through QuickBase JSON API calls.
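The login, verification and voting flow described above depends on the voting step checking the verification state on the server and not only on the redirect. The following is an added sketch of that check, not the project's own code; the function names are hypothetical, `$session` stands in for `$_SESSION`, `$votes` stands in for the Voters table, and `$matched` is assumed to be the outcome returned by the typing verification.

```php
<?php
declare(strict_types=1);

// Password step passed; typing verification is still outstanding.
function on_password_login(array &$session, string $memberId): void
{
    $session = ['member' => $memberId, 'typing_verified' => false];
}

// Record the typing verification outcome for the current login.
// A result is accepted only for the member who passed the password step.
function on_typing_result(array &$session, string $memberId, bool $matched): void
{
    $session['typing_verified'] =
        $matched && ($session['member'] ?? null) === $memberId;
}

// Enforce both steps and the one-vote-per-candidate rule on the server.
function cast_vote(array $session, array &$votes, string $candidateId): string
{
    if (empty($session['member'])) {
        return 'login required';
    }
    if (($session['typing_verified'] ?? false) !== true) {
        return 'typing verification required';
    }
    $member = $session['member'];
    if (in_array($candidateId, $votes[$member] ?? [], true)) {
        return 'already voted for this candidate';
    }
    $votes[$member][] = $candidateId;
    return 'vote recorded';
}

// Constructed walk-through with made-up member and candidate IDs.
$session = [];
$votes = [];
on_password_login($session, 'member-1');
echo cast_vote($session, $votes, 'candidate-A'), PHP_EOL; // before verification
on_typing_result($session, 'member-1', true);
echo cast_vote($session, $votes, 'candidate-A'), PHP_EOL; // first vote
echo cast_vote($session, $votes, 'candidate-A'), PHP_EOL; // repeat vote
echo cast_vote($session, $votes, 'candidate-B'), PHP_EOL; // other candidate
```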

How I built it

The application was built using Ajax/jQuery, PHP, Bootstrap, and Quickbase JSON and XML API calls.

In a nutshell, we built this application by leveraging Quickbase JSON/XML API calls at the backend via PHP.

Four (4) Quickbase tables were created; they are listed below along with their functions.

1.) Typingdna_Keys Table: This stores the TypingDNA API key and secret in Quickbase. The content of this table is queried via a Quickbase JSON API call within the application to allow us to process and send typing data to TypingDNA.

2.) Members Table: This table stores registered members' information. Since the TypingDNA API call in our sample application requires 2 major parameters, Email and a UserID, we hashed the user's registered email address using PHP's built-in password hash algorithm and used it as the user's UserID for TypingDNA.

User registration, enrollment and verification by TypingDNA are performed by calling the Quickbase JSON API and the TypingDNA API respectively.

3.) Contestant Table: This table stores information about the people contesting in the election.

4.) Voters Table: This table stores information about the voter and vote counts, along with whom they voted for.

To perform all this, we programmatically leverage the QuickBase JSON API and the TypingDNA API respectively.
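The Members table description above derives the TypingDNA UserID by hashing the e-mail address. The following is an added example, not the project's own code, and it assumes the "built-in hash password algorithm" is `password_hash()`. That function salts its output, so the ID must be generated once and stored with the member record. A keyed HMAC is shown as a deterministic alternative. The function names and the key are hypothetical.

```php
<?php
declare(strict_types=1);

// Normalise so that case and stray whitespace do not produce a second identity.
function normalize_email(string $email): string
{
    return strtolower(trim($email));
}

// Assumed approach from the write-up: password_hash() output as the UserID.
// A random salt is mixed in on every call, so two calls for the same e-mail
// give different strings; generate once at registration and store the result.
function user_id_from_password_hash(string $email): string
{
    $hash = password_hash(normalize_email($email), PASSWORD_DEFAULT);
    // The raw hash contains '$', '/' and '.'; encode it so the ID can be
    // passed safely in URLs and form fields.
    return rtrim(strtr(base64_encode($hash), '+/', '-_'), '=');
}

// Deterministic alternative: keyed HMAC-SHA256. It can be recomputed at login
// without a lookup, and without the key the e-mail cannot be guessed offline.
function user_id_from_hmac(string $email, string $serverKey): string
{
    return hash_hmac('sha256', normalize_email($email), $serverKey);
}

// Constructed sample values; a deployment would load a stored server-side key.
$email = 'voter@example.com';
$key   = random_bytes(32);

$first  = user_id_from_password_hash($email);
$second = user_id_from_password_hash($email);
echo 'password_hash IDs equal across calls: ';
var_dump(hash_equals($first, $second));

$atRegistration = user_id_from_hmac($email, $key);
$atLogin        = user_id_from_hmac(' Voter@Example.com', $key);
echo 'HMAC IDs equal across calls: ';
var_dump(hash_equals($atRegistration, $atLogin));
```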
