What is ActiveID? #
ActiveID is one of GAT Labs’ family of tools — and it’s a Zero trust background security mechanism that constantly verifies the identity of the logged-in user.
ActiveID automatically learns the very distinct typing style of every user on your domain (everyone’s typing style is as unique as their handwriting), then uses this knowledge to continuously verify that person typing behind the keyboard is in fact the user logged in.
ActiveID is an algorithm implemented within the GAT Shield Chrome Extension that can be enabled for a set of users. This method then ”collects” different patterns measuring the way end-user type on their keyboard.
Based on this “behavior” a pattern is being generated. Using this pattern ActiveID builds a model which then allows Alerts to be triggered based on the user’s “typing style”.
ActiveID is an add on of GAT Shield (Which requires GAT+)
GAT Shield and ActiveID can be enabled for trial and are part of Vigilant plan for Education, and Secure plan for Enterprise.
How does ActiveID work? #
When a user starts typing we receive the typing characteristics of every 200 chars typed (more or less) and build a pattern from this data.
We then assess how likely this pattern matches the already stored pattern from this user, and obtain the probability from 0 to 1 (or from 0% to 100% – works the same).
We conclude that we’re “92% confident this user is not typing on their device right now”. Meaning there’s a 92% chance that the pattern we obtained does not match the pattern stored for this user.
This can mean someone else is typing at the moment on the user’s computer, or that the model is wrong and the pattern for that user has changed and we need to update our model.
How to Enable ActiveID #
ActiveID as part of GAT Shield #
ActiveID is part of Alert rules under the GAT Shield tool. The Admin, can set it up and enable it in GAT Shield using Alert rules, see this document for more information.