Esta es la versión de autor de la comunicación de congreso publicada en: This is an author produced version of a paper published in:
IntroductionCyber security is a critical concern for governments, companies and end-users. The secure access has become a must in a global society connected by internet and Cyber Security is defined as the body of technologies, services and practices designed to protect computers, networks and data from damage, attack or unauthorized access [1]. Passwords-based authentication is one of the most popular secure access approaches. The security of these systems depends of the password strength and the security policies adopted.A typical security policy includes recommendations as: i) to avoid simple passwords; ii) to change passwords regularly; iii) to use different passwords for different accounts, systems and applications, and iv) to store passwords securely (try to memorize your passwords). The number of users who comply with these security policies is low as they decrease the usability of the systems. As an example, "=/z@l1N]" is a password generated by the automatic password generator of the BTAS2015 Conference Management Toolkit. The requests to reset passwords because they have been forgotten are common.In this context, keystroke dynamics authentication systems have attracted the interest of both researchers and industry [2][3]. Keystroke dynamics are proposed to improve the security of traditional authentication services based on passwords or PIN numbers. Biometric recognition is commonly related to "something that users are" instead of "something that users have" such as passwords. In the case of keystroke dynamics, the typical approaches based on fixed password authentication combine complex passwords and our keystroke dynamics biometrics. The password acts as a primary security level and the user access is not allowed until the correct password is inserted. The role of the biometric system is a secondary security level which try to detect intruders who are spoofing the identity of the legitimate user.Why not using the keystroke dynamics authentication as the primary and only security level? Is it possible a reliable recognition by replacing the way the people type complex passwords (something that they know) by the way they type their names (something that they are)?This work explores keystroke dynamics authentication based on personal data as opposed to complex passwords. The idea underlying this work is that while we can forget a complex password, we will never forget our family or given name. This authentication approach try to improve the security of the access as well as its usability. The main advantages of keystroke recognition based on personal data are: i) the learning curve [4] is minimized because personal data is information that users are accustomed to type; ii) the usability is improved by eliminating the necessity of complex passwords which comply with the security policies but are difficult to memorize. On the other hand, the main disadvantages of this appro...