Keystroke Biometrics for Hiring: A Practical Guide
What keystroke biometrics actually measure
Keystroke biometrics — sometimes called keystroke dynamics or typing fingerprints — analyze the timing between keypresses, not what is typed. Two relevant intervals:
- Dwell time: how long a key is held down.
- Flight time: the gap between releasing one key and pressing the next.
Aggregated across thousands of keystrokes, these timings form a distribution unique enough to distinguish individuals with surprising accuracy. The XGBoost model we run in production hits useful precision after roughly 300 keystrokes — about two minutes of normal coding.
What they tell you in a hiring context
Three useful answers:
- Is the same person typing throughout the session? If the fingerprint shifts mid-interview, someone else likely took over.
- Does the candidate's typing match a baseline they established earlier? Compare the live coding session to the warm-up exercise. Drift = signal.
- Are bursts of code being pasted rather than typed? Pastes show up as zero-flight-time events.
What they do not tell you
Keystroke biometrics are not a lie detector. They cannot prove a candidate cheated; they can only flag anomalies worth a human review. Treat them like a code review comment: a prompt for a conversation, not a verdict.
Things that produce false positives:
- Switching between mechanical and laptop keyboards mid-session
- A second wind of caffeine
- Copying boilerplate from the problem statement
Using them responsibly
Three rules we ask every customer to follow:
- Disclose. Tell candidates that typing rhythm is being analyzed for integrity. Most are fine with it; the ones who are not tell you something.
- Never auto-reject. Use anomaly scores as one input to a human reviewer, never as a decision.
- Pair with other signals. Keystroke + face continuity + code coherence is far stronger than any one alone.
Used this way, keystroke biometrics catch the obvious cases (paid impersonation, mid-session handoff) without punishing the rest.