In the wake of serious security breaches in the last year, from the pilfering of Target customers’ credit card information to the celebrity iCloud selfie-hack, it’s easy to feel digitally naked. Your current best options—like making your password something along the lines of “**_^XBE47>>” or using two-step verification—also have their shortcomings, which has inspired a crop of enterprising scientists to come up with what must be the oddest, and possibly most secure, password yet: the rhythm of your heart.
A team of Toronto scientists has developed a wristband that can use your own heart rhythm, as measured by electrocardiograms (ECG), as an authenticator for everything from accessing email to unlocking cell phones and other gadgets. In a recent talk at the TEDMED conference in Washington and San Francisco, biometric security engineer Foteini Agrafioti told audiences that because our hearts are so unique—from their size to their orientation in the chest to how they pump our blood—they may be the perfect security “password.” The ECG-authenticating wristband, Nymi, is available for preorder on the company’s website for $79.
“We want to make authentication easy and for it to melt into the background,” says Karl Martin, CEO and founder of Nymi’s parent company Bionym. That’s what sets it apart from, say, Apple’s Touch ID fingerprint authenticator, which requires a person to prove themselves with every transaction, instead of being constantly read.
The company is now working on partnerships with password platforms, payment systems and travel companies with the hopes that this kind of ECG reading might soon be seamlessly adopted.
Biometrics are still not perfect, but the possibilities are vast. In her TEDMED speech, Agrafioti said she believes the future of security lies in the parts of our bodies that are difficult to steal and biologically exclusive. Think lip prints, tongue prints, nose pores, and even the acoustic emissions our ears make. “Don’t be surprised if we have managed to embed tiny microphones into earphones so your music player only unlocks in your own ears,” said Agrafioti.
“You look at the way we prove our identities and it’s archaic. Technology has advanced so much and still if we want to prove who we are, it’s usually with a password or a pin,” says Martin. “A lot of what we are focusing on for the future is not even directly security-related. It’s about hyper-personalization. How can you have a different experience if devices or smart things around you knew who you were and knew your preferences? In smart environments, like a smart home, you shouldn’t have to put in your password on a wall—it should just know it’s you.”
Agrafioti said we need to be willing to think outside the box to keep our information safe: “Passwords are broken because hackers are sophisticated but also because we as humans are just not up to taking ridiculous precautions to maintain our security.”
If their predictions are correct, one day it won’t be “ridiculous” to use your heart rhythms as a password—it will be ridiculous not to.