Could Your Heartbeat Replace Your Passwords?

Think about how often you type in a password, and how those passwords guard some of the most important and valuable aspects of your life. You use a password to access your banking, credit cards, smartphone, computer, email and dozens of accounts ranging from Amazon to your energy provider. And you might not know it, but there’s been an ongoing push in the tech world to find a replacement for passwords – because passwords, frankly, aren’t very secure.

“We have different passwords for different places, and they're supposed to be random strings of digits, which is impossible to remember, so you save them in a file, which can then be stolen with ease,” says Jeff Kagan, a tech industry analyst in Atlanta. “It's a real problem, and there are a variety of solutions. We don't know which one is going to be the chief solution going forward.”

One of those solutions could involve biometrics. Biometrics is an umbrella term used to describe the many ways in which we can identify people by various physical traits. Perhaps the oldest and still most common is the fingerprint, which, all things considered, isn’t a terrible option, even now. Fingerprints are unique and inexpensive to implement as a system — just ask Apple, which has incorporated fingerprint recognition in its iPhones and iPads for over a year now.

But fingerprints have issues. For one thing, they can be replicated. You leave traces of your fingerprint behind on certain surfaces, and, according to an article in the Washington Post, those traces can be captured and reanimated.

One promising and sci-fi -sounding solution on the horizon is the Nymi band, which recently shipped to developers. The Nymi band uses your heartbeat as a totally unique identification system. It’s essentially an electrocardiogram (ECG) system, a fairly old technology that measures the electrical activity of your heart. According to Nymi, everyone’s ECG reading is unique, which makes Nymi’s authentication very strong — you can’t replicate it, since your heartbeat is inside your body.

Here’s how it works: you wear this band, which looks similar to fitness trackers like the Fitbit and Jawbone Up. It measures your ECG once per day to verify you, and then it beams that you are verified to any devices that might want to know. That means your smartphone will unlock as if by magic, you can check in at a hotel or airport just by walking near a scanner, and you can pay for things just by being near a point-of-sale device. All you’d have to do is verify that you want to buy or take some action like checking in, and then without having to sign or enter a password, your identity and thus your purchase is secured. The key with biometrics, says Kagan, is “protecting the user more, and making it easier for the user to implement these kinds of protections.”

Bionym, the company that makes Nymi, is currently working on a pilot program with MasterCard, but they have a long way to go to compete with other technology. Apple’s Apple Pay already has a large built-in customer base simply because so many people have iPhones, and Apple Pay uses fingerprints. And the EveryKey wristband, which recently closed a successful Kickstarter campaign, works by ignoring biometrics altogether. It’s simply a repository for all your passwords, regular old passwords like you’ve been using for years, but it negates the need to actually type them in. Could that mean that people would be more likely to use more secure, randomized, difficult-to-remember passwords? EveryKey hopes so.

Would you wear a bracelet that tracked your heartbeat if it meant you never had to remember another password?