Skip to content


Frequently Asked Questions


What data does the Twosense browser extension collect?
Twosense measures your typing cadence and mouse movements in the moment before you log into an SSO protected application.

Are my keystrokes being logged somewhere?
Keystrokes are hashed before they are stored, with no mechanism for a User, Administrator, or Twosense employee to decrypt and view them. We are working towards a model that uses 100% keystroke timing and does not store keystrokes at all.

Do you log the websites I visit?
We do not collect any information on sites visited.

Does Twosense use my webcam or microphone?
Nope. Only keystrokes and mouse movement are collected.

Does Twosense keep track of when I’m at my computer, or any other activity tracking?
No. Twosense is not productivity software. We only report a list of authentication events and whether or not the MFA challenge was successfully automated.


How long does it take to start working?

Like any machine-learning system, it takes time before your unique behavior can be effectively modeled. For most users, 95% of MFA challenges will be automated within two weeks.

Can users be locked out of applications if Twosense goes down?

If Twosense’s cloud service is unavailable, all users will be directed to traditional MFA workflows (the same ones they are using today.)

Does Twosense need sensitive access to Okta or OneLogin?

No administrative access or keys are required. Twosense functions as a multifactor provider, which an Administrator will need to initially configure. From that point onwards, no further access is needed.

Can Twosense be rolled out to a specific group of users?
Yes. Twosense is configured as a MFA factor that gets added to a policy within an SSO solution. That policy can then be applied to any group of users.