Since 1964 cardiologists have known that everyone's heartbeat is unique and influenced by different factors such as the heart's size, shape and position in the body. So since it is so unique, can your heartbeat be used as a password? Scientists certainly think it is possible.
Unique Passwords vs Unique Biometric Identifiers
In 2016 alone more than 4.2 billion records were leaked thanks to the abundance of data breaches. That means usernames and passwords or password hashes. Is your data among them?
In light of this threat, biometrics are considered to be on the way to becoming the ultimate authentication method for digital security. Biometrics advocates certainly do have a very good argument to underpin the use of such authentication systems: biometric identifiers are distinctive, measurable characteristics that can be used to validate the identity of individuals. That was previously the role of the usernames and passwords that were required to grant access to data to only the rightful user, which is especially important if the user wished to gain access to sensitive data or account details.
By utilizing unique identifiers, biometric authentication systems seem to solve the huge problem that internet-based service providers face, namely how to make sure the user that logs in is the rightful person.
One of the earliest biometrics used were fingerprints because they are universal, unique, permanent, and easy to capture. Recently, facial recognition has become more popular, but along with that came the added issue of visible biometrics being easily captured without a user's consent. There’s also the fact that users can leave certain biometric traces behind – just think about the glass of wine you had at the bar last night, covered in your fingerprints.
Your Heartbeat as a Password
One of the oddest systems and a relatively new addition to the biometric family is one developed by a group of Toronto scientists lead by biometric security engineer Foteini Agrafioti: the rhythm of your heartbeat. The team, under the Nymi brand, has developed the ECG-authenticating wristband Nymi and uses electrocardiograms to authenticate the user.
HeartID, as Nymi calls it, validates a user's identity based on ECG sampling and subsequently authenticates them in a secure and continuous manner. What makes this system unique is that ECGs cannot be easily captured; you’ll need cooperation from the target for it to work, claim the scientists.
While healthy ECG signals from different people conform to roughly the same repetitive pulse pattern, small differences in the overall shape of their waves reveal significant distinctions between individuals. During the authentication process, HeartID is able to eliminate artifacts that result from breathing, body movement and/or an inadequate connection, and focuses on the user’s heart patterns.
In a work environment where a technician performs various tasks, user authentication is validated by usernames and passwords. Nymi aims to streamline the process with HeartID, but the problem with this method is that it needs additional hardware. The Nymi band, the IoT (internet of things) device that incorporates HeartID, and NFC (near-field communication) to transmit user data.
In this case the technician won't introduce usernames and passwords, they will simply tap against the NFC reader for authentication. HeartID will then confirm that the rightful user is performing the task and transmit the information (which would previously be handled by usernames and passwords) via radio.
Another biometric authentication system, developed by a team at the University of Buffalo, uses low-level Doppler radar to measure your heart and continuously monitor it to confirm the identity of the user. When used for the first time, the system needs eight seconds to scan a heart. From that moment on, it will continuously recognize that beating heart.
The basis of this system is the unique geometry of the heart, which makes for a great differentiator. The advantages of this system are that it is a passive, non-contact device and that it monitors the user constantly.
Biometrics vs Passwords
The battle among competing standards is something that makes technology evolve continuously, and deciding which one is better is not for us to say. With that said it is clear that such technology is still a work in progress. At this stage biometrics are not yet ready to fully replace passwords, so until then a combination of the two authentication methods seems to be the best option that technology companies have chosen to go with. If biometric authentication fails, it’s always possible to log in by typing your password or passcode.
Best Password Managers of 2019
|Editor's Choice 2019|