This paper will propose a method of user authentication that constantly monitors the keystroke timings of a computer user, identifies a user based on the characteristics of keystrokes and discovers spoofing. This method authenticates users by comparing past and current keystroke timings when a user is working on a computer. This method has the following two main advantages. One is that it discovers spoofing even when users change while logged in. When a user pushes keys to operate a computer, the computer automatically performs personal authentication. Users do not have to take any special action for personal authentication. This paper will also propose how to enhance security using these characteristics in combination with existing user authentication methods.