Why the Heartbeat Is a Better Security Alternative than Passwords, Fingerprint Technology

  @ibtimesau on

With the increasing volume of data placed online, the need for better security protection for email or social networking accounts becomes stronger. Tech security experts said that the earlier use of biometric features had leveled up from the traditional fingerprint or facial recognition.

The latest technology involves the use of a person's heartbeat. This nextgen security feature is almost impossible to replicate unlike older biometric models, and definitely could not be hacked or guesses unlike traditional passwords and PINs.

The technology was introduced by Bionym, a Toronto-based company that created the software HeartID which uses the reading of a person's heartbeat and then authenticates the user.

The app analyses the pattern of a person's heartbeat, picks out the variation in the waves that create a biometric template distinct to that individual. The template remains distinct even if a person exercises or is stressed which causes the wave to compress but the shape remains the same.

That means the system could recognise a person regardless of his heart rate, said Karl Martin, the president and chief executive officer of Bionym. He said the company is licensing the software to other companies and working to have the app placed directly in smartcards, tablets and smartphones.

The app works by a person simply holding the devices to read his heartbeat through embedded sensor.

Another interesting biometric is the used of moisture on a person's fingertips to act as security for one's online accounts.

BOPTDid's One-Touch Cube, when plugged into a computer, provides online access to Facebook or Twitter account with the touch of a finger, but based the access on the unique sweat glands pattern.

"You cannot steal somebody's sweat gland patterns. You can't lose it, you can't give it away. We believe that it's finally going to be the level of biometrics that everyone can trust to finally eliminate passwords, ID cards, usernames, everything."

The company, based in New York, is coming up with a smaller version of the device that can be attached to a smartphone's bottom.

However, there are some critics who do not doubt the technologies but how these security solutions are implemented. Andy Adler, a professor of systems and computer engineering at Carleton University, compared these new technologies to placing an expensive lock on a shack with broken windows.

He cited one likely problem is getting the initial sample to be used as reference to verify the user. "The whole security infrastructure needs to be well-though through. Otherwise, it'll have a lot of holes in it that can be exploited," Mr Adler said.

New technologies become more relevant due to the recent hacking of passwords that affected Twitter, Burger King and Chrysler. As a result, Twitter advised its members to be smarter in their choice of passwords by combing letters and numbers and using as well characters. The microblogging site also recommended at least 10-characters or longer and to use different passwords for different online accounts.

Some videos on YouTube even feature tutorials on how to hack Twitter accounts such as this one.

However, blogger Bryan D. Earp, writing in Practicalethics, pointed out that the reason people use simple passwords and repeat them across several accounts is that they are not good at remembering. "We've got so much going on that it's very difficult to be bothered about setting up a complex password protection-and-management scheme."

"If Twitter cares about the account security of its millions of users, it should invest in real solutions to the password-hacking problems: solutions that take into account the rangebound psychological architecture of actual, real-life humans. Asking people to memorize multiple sets of long strings of random number-and-digit combinations in order to safeguard their online portals and personal information is a losing strategy," Mr Earp wrote.

He favoured the new technologies that would require no memorisation. I'd very happily press my phalanges onto my phone or computer screen to gain privileged, less-hackable access to Twitter, Facebook, and wherever else. Nothing to remember. Same gesture for every account. No one else can do it," he added.

Join the Discussion