Interesting ways to increase security (incrementally) has a story about the use of typing patterns to identify whether a user is the actual user or a hacker.

I like the idea, though I fear it won’t catch on.  Defense in depth, adding an edge is important, but the key element from this article comes at the very end where they say that if they suspect the user is not legit they will ask additional questions.  This is the key to preventing (for the most part) denials of service to valid customers while still having a chance to catch the bad guys.