TIME Research

This Could Be the Most Secure Password Ever

85040630
Gen Nishino—Getty Images

Scientists are using your heart as a security authenticator

In the wake of serious security breaches in the last year, from the pilfering of Target customers’ credit card information to the celebrity iCloud selfie-hack, it’s easy to feel digitally naked. Your current best options—like making your password something along the lines of “**_^XBE47>>” or using two-step verification—also have their shortcomings, which has inspired a crop of enterprising scientists to come up with what must be the oddest, and possibly most secure, password yet: the rhythm of your heart.

A team of Toronto scientists has developed a wristband that can use your own heart rhythm, as measured by electrocardiograms (ECG), as an authenticator for everything from accessing email to unlocking cell phones and other gadgets. In a recent talk at the TEDMED conference in Washington and San Francisco, biometric security engineer Foteini Agrafioti told audiences that because our hearts are so unique—from their size to their orientation in the chest to how they pump our blood—they may be the perfect security “password.” The ECG-authenticating wristband, Nymi, is available for preorder on the company’s website for $79.

“We want to make authentication easy and for it to melt into the background,” says Karl Martin, CEO and founder of Nymi’s parent company Bionym. That’s what sets it apart from, say, Apple’s Touch ID fingerprint authenticator, which requires a person to prove themselves with every transaction, instead of being constantly read.

The company is now working on partnerships with password platforms, payment systems and travel companies with the hopes that this kind of ECG reading might soon be seamlessly adopted.

Biometrics are still not perfect, but the possibilities are vast. In her TEDMED speech, Agrafioti said she believes the future of security lies in the parts of our bodies that are difficult to steal and biologically exclusive. Think lip prints, tongue prints, nose pores, and even the acoustic emissions our ears make. “Don’t be surprised if we have managed to embed tiny microphones into earphones so your music player only unlocks in your own ears,” said Agrafioti.

“You look at the way we prove our identities and it’s archaic. Technology has advanced so much and still if we want to prove who we are, it’s usually with a password or a pin,” says Martin. “A lot of what we are focusing on for the future is not even directly security-related. It’s about hyper-personalization. How can you have a different experience if devices or smart things around you knew who you were and knew your preferences? In smart environments, like a smart home, you shouldn’t have to put in your password on a wall—it should just know it’s you.”

Agrafioti said we need to be willing to think outside the box to keep our information safe: “Passwords are broken because hackers are sophisticated but also because we as humans are just not up to taking ridiculous precautions to maintain our security.”

If their predictions are correct, one day it won’t be “ridiculous” to use your heart rhythms as a password—it will be ridiculous not to.

Tap to read full story

Your browser is out of date. Please update your browser at http://update.microsoft.com


YOU BROKE TIME.COM!

Dear TIME Reader,

As a regular visitor to TIME.com, we are sure you enjoy all the great journalism created by our editors and reporters. Great journalism has great value, and it costs money to make it. One of the main ways we cover our costs is through advertising.

The use of software that blocks ads limits our ability to provide you with the journalism you enjoy. Consider turning your Ad Blocker off so that we can continue to provide the world class journalism you have become accustomed to.

The TIME Team