ActiveID – Unobtrusive 2FA with GAT Shield

The GAT team is very excited to bring you our latest innovation in cloud security. ActiveID; an unobtrusive, background security mechanism that automatically learns the very distinct typing style of each of your domain users (everyone’s style is as unique as their handwriting), and with that knowledge verifies whether the person typing is actually the user logged in or not. Once you enable ActiveID, it observes and learns in the background. Your users have no training or tasks to perform. Best of all, they are not required to constantly insert fobs to verify that they hold something to verify who they are. The proof is literally at their fingertips!

Note: ActiveID is not meant to replace the one-off act of using 2FA to log into the user’s account, rather it is designed to extend that protection from being a ‘once at login’ act to an ongoing process of verification. You should consider it a 3FA, a third factor, actively supporting the other two independent methods of access.

ActiveID Description

As mentioned in the introduction, ActiveID relies on people’s typing styles to uniquely identify and learn them, then, using a combination of statistics and AI, it is able to track the user’s identity while they are logged on to the Domain G Suite account. A prerequisite is that all users must be using Chrome and are logged into Chrome with their G Suite account. After that, we track the user across all the sites they browse while logged into the domain, not just G Suite. Below we offer you instructions on how to achieve this. The GAT Shield Manual already informed you on how to deploy Shield to every Chrome browser, now we outline to you below how ActiveID works AND how to force your users to only use Chrome (and hence Shield with ActiveID) to log into G Suite (requires Google Cloud Identity, which can be bought from Google or is free with G Suite Enterprise licenses).

ActiveID Deployment

If ActiveID has been enabled for your domain, you will see the ActiveID menu section under configuration.

ActiveID works by listening in the background to learn how each individual types. Every person’s typing style is as unique as their fingerprint. Once enabled ActiveID starts to learn every user’s style, quietly building up a database of how they type. Once it has enough patterns to to be sure with 99% certainty the style of the user, it will then switch to automatically comparing each new typing sequence with what was the saved model. If a rogue user starts to work on an logged-in account that is not theirs, Shield will automatically detect this user. The Admin can then set a range of actions Shield will automatically take, from alerting the Admin, to grabbing a screenshot of the page, to snapping a picture of the ‘rogue operator’ with the device camera. In addition Shield will compare the ‘rogue’ pattern to all other patterns in your domain database to give a ‘best guess’ of who the interloper is, should the interloper be another member of your domain.

Under the configuration area, Admins can set the scope of users they want to deploy ActiveID to, they can also see detailed stats on the trained model, the number of users whose style it has learnt, the list of users not yet known to is and other details. In the event that a particular user is generating a lot of false positives, the Admin can also retrain the model for that particular user. The Admin can also turn on and off ActiveID for the entire domain.

ActiveID alerts are treated like any other alert and the alert rules can be configured in the ‘Alert Rules’ section.

Once ActiveID is enabled, simply add a new rule and select ‘ActiveID’ as the rule type. You will then be presented with a rule configuration screen. From here you can pick the configuration and alert options that suit you.

To enforce GAT Shield with ActiveID for all logins using Google Cloud Identity see here.