FAQ


We’re a company with roots in academia and engineering in northern Sweden. The core research comes from students at Luleå University, who invented the BehavioSec technology back in 2006. These young engineers then teamed up with senior researchers and security executives to launch it internationally. We still have our research and engineering office in Luleå, but now we also have operations in Stockholm, the US, the UK, Germany, and Hong Kong.

    Behavioral biometrics is the measurement of the human behavioral characteristics that are unique to each individual. These include things like gesture, voice, keystroke dynamics, and mouse movements. BehavioSec learns how each user behaves, then creates metrics that can confirm that they are who they say they are. With behavioral biometrics, it’s not enough for someone to get hold of your credentials.

    Because your behavioral profile isn’t useful to anyone but you, and is almost impossible to spoof, it also makes behavioral biometrics safer than physical biometrics. You can find out more about how it works here

      Our technology is already protecting millions of accounts from financial fraud every day. We help to secure over 1 billion transactions per year for our existing clients, mostly in the financial and banking industries.

      You can see more about where it works and for whom, if you go to this page

        We really hope that doesn’t happen, but this is by far the most frequent question we get. What we know you’re really asking is, “Can I trust behavioral biometrics to figure out that it’s me, even if my natural actions change in some dramatic way?” And the answer is, yes, it knows who you are.

        BehavioSec adapts to the changes in a user’s behavior over time. Since it looks at multiple aspects of how a user behaves, it allows for variances without reducing the accuracy.

        In extreme circumstances, an administrator can disable the affected profile or lower the sensitivity of the software.

          No, only the organization that implements BehavioSec stores the data from users, in accordance with their own data policies. The contractual arrangements with companies vary. Where customers choose a cloud-based solution, we technically have access to it, but have no reason to do so. If a company uses an on-premesis solution, we have no access to their user data.

            This is the easiest part. When you try the BehavioSec demo, you’ll need to complete at least 10 ‘transactions’ to build up your proile so that you can see how the technology learns your behavior and uses it to protect you. But in real-world situations, the technology collects that behavior from users passively, in the background. They don’t need to do any special logging in or training to benefit from the extra security.

              When using the demo, you should choose something you would naturally type, although it doesn’t have to be your real name. It should be more than six characters, and a random string or “AAA” or “123” won’t be enough to get a good result.

                BehavioSec on the web works best when users type their details directly into fields in a Javascript-enabled browser. You’ll also need to disable autocomplete for usernames and passwords so that the behavioral data can be continuously gathered and scored from the time a user makes a login attempt.

                Your web users will need to have Javascript enabled in order for the behavioral data to be gathered. If they have it disabled, they can still use your product, but they won’t get the extra protection we provide, and it may trigger step-up authentications that Javascript-enabled users can avoid. Users may choose to copy an paste, but the data won’t be rich enough to work as an identifier, and they’ll encounter manual step-up authentication.

                Some of these elements aren’t in your control, but you can ensure that user interfaces are designed to encourage the optimal conditions for using continuous authentication.

                  We’ve built BehavioSec so that this won’t happen, or is as unlikely to happen as any breach in a good security solution. When a user is entering information, all data is put into quarantine until it has been declared valid by authentication. Only once the user has been initially authenticated will the data be used to contribute to their behavioral profile. If BehavioSec detects and intruder, the data in quarantine is removed so that the valid user’s profile isn’t affected.

                    No, it isn’t. It’s based around an algorithm and works with your risk engine. BehavioSec produces a score that is fed into your risk engine, and you decide what qualifies as an adequate score to authenticate a user, based on a combination of other risk factors, including things like the sensitivity of the action the user is trying to perform.

                      No, we don’t sell the dashboard. We developed it as a way of showing you how the profiles work in your environment, but in a real-world implementation, a dashboard like the one we’re showing you is unlikely to be able to keep up with the behavioral data being processed. Behavioral biometrics can be hard to fit into a mental model, so we made the dashboard as a kind of slow-motion concept, to make the process a little easier to visualize.

                        No. Our technology only compares users with themselves, since we only authenticate that you are you, not that you aren’t someone else.

                          No because the computer is entering the data and real behaviometrical analysis is not possible then. In a real world scenario all data within a session, e.g. logging in and then entering a transaction, is used for continuous authentication. So the more data you enter the better the system is at recognizing you.

                            No, then it is possible no behavioural data collected and no extra protection can be applied.