Your Heartbeat: The Ultimate in Password Protection?
The makers of a new device hope to replace Fluffy123 with the unique rhythm of your heart.
Nearly all of computer security boils down to one question: How can a device know that you are you?
Passwords are the most basic tactic for confirming your identity. If you can come up with your secret string of numbers and letters, you must be you.
But everyone knows that passwords are pretty weak barriers, in part because people are bad at choosing them (tending to use innovative combinations such as "password" and "123456") and because computers are good at breaking them.
Other than passwords, there are a host of other tricks, all with that same goal in mind: verifying that you are you. Two of the most common are security questions (silliness) and two-step verification such as Gmail's, which involves a secondary code that only you have access to.
These, however, are all variations on a theme -- logging in, account by account, to the data or service you are trying to access. A new device called the Nymi has a different idea in mind for how to verify your identity, and with it, its creator Bionym prefigures a time where you don't so much as log in as present yourself.
What is this device? It's a little bracelet you wear that makes sure you are you by verifying your unique heartbeat. It then can unlock your accounts and devices, just by its presence. If someone else wears the device, no dice. (Rumors of a similar Apple device have circulated for years.)
A promotional video from Bionym shows how this ought to work and imagines a few scenarios beyond your run-of-the-mill email login for which this could be quite handy:
What happens when you exercise or are under stress? The company explains on its site that the Nymi only verifies once -- when you put it on. And they recommend you put it on in a relaxed state that you could replicate easily (first thing when you wake up, say). Once it has identified you, it won't lose track of you until it is removed. When you put it on again, it will need to check you anew. Currently the company is accepting pre-orders which it hopes to ship in early 2014. Whether it works as well in reality as it does in the video will be determine whether this becomes a viable option for people concerned about their online security who have many accounts and devices to constantly log in to.
Of course, many of the functions demonstrated in the video will require some programming and possibly even some specialized hardware on the receiving end, but the conceit at least gives a sense of another way identity verification could work in an age when machines constantly need to know who you are.