Copyright © 2020 for this paper by its authors. Use permitted under Creative Commons Li- cense Attribution 4.0 International (CC BY 4.0). CybHyg-2019: International Workshop on Cyber Hygiene, Kyiv, Ukraine, November 30, 2019. Two-factor User Authentication Using Biometrics Viacheslav Liskin 1[0000-0002-9418-0633] , Egor Serdobolskiy 1[0000-0002-6443-4954] and Iryna Sopilko 2[0000-0002-9594-9280] , Tetiana Okhrimenko 2 [0000-0001-9036-6556] 1 National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine 2 National Aviation University, Kyiv, Ukraine liskinslava@gmail.com, serdobolskiy.vik@gmail.com, taniazhm@gmail.com Abstract. The article is devoted to the biometrics algorithms of authentication in web application. The authors conduct an overview of biometrics algorithms. Described benefit of most popular biometrics’ algorithms and two-factor user authentication. Selected one which most prefer for web application and doesn't require additional devices. Modeled this approach and tested it on real data. The modification of the keystroke dynamics algorithm, as the collection of input characteristics on the keyboard during a visit to the site had been proposed. The authors come to the conclusion that the use of a larger set of date for training will improve the algorithm and will be possible to increase the accuracy. Keywords: authentication, biometrics, keystroke dynamics, machine learning, optimization. 1 Introduction Biometric data [1] allows to identify and authenticate a person on the basis of a set of unique and specific for him identifiable and verifiable characteristics. Biometric au- thentication is data comparison on a person's characteristics with that person's bio- metric characteristics, that are taken to be true, to determine similarities. The peculiar- ity of this comparison is that these two datasets coincide should be almost identical, but not completely identical. This makes it possible use different methods to improve and compare biometric methods. The reason is that biometrics, even one person, al- most cannot match by 100%. The initial model is first stored in a database. Person who try to be authenticated is “visitor”. Stored data is then compared with the biometric characteristics of the “vis i- tor”. Because the biometric characteristics are unique to everyone, they cannot be seen or stolen. In order to be able to identify the individual, the first thing you need to do is to get the data from that user. The data obtained depend entirely on the method by which the user will be identified. For example, for the voice recognition it can be a record of their voices, for the face recognition it can be a photo of their face. These data are