Can Your Heart Beat the Password?

Since 1964 cardiologists have known that everyone’s heartbeat is unique and influenced by different factors such as the heart’s size, shape and position in the body. So since it is so unique, can your heartbeat be used as a password? Scientists certainly think it is possible.

Unique passwords vs unique biometric identifiers

In 2016 alone more than 4.2 billion records were leaked thanks to the abundance of data breaches. That means usernames and passwords or password hashes. Is your data among them?

In light of this threat, biometrics are considered to be on the way to becoming the ultimate authentication method for digital security. Biometrics advocates certainly do have a very good argument to underpin the use of such authentication systems: biometric identifiers are distinctive, measurable characteristics that can be used to validate the identity of individuals. That was previously the role of the usernames and passwords that were required to grant access to data to only the rightful user, which is especially important if the user wished to gain access to sensitive data or account details.

By utilizing unique identifiers, biometric authentication systems seem to solve the huge problem that internet-based service providers face, namely how to make sure the user that logs in is the rightful person.

One of the earliest biometrics used were fingerprints because they are universal, unique, permanent, and easy to capture. Recently, facial recognition has become more popular, but along with that came the added issue of visible biometrics being easily captured without a user’s consent. There’s also the fact that users can leave certain biometric traces behind – just think about the glass of wine you had at the bar last night, covered in your fingerprints.

While healthy ECG signals from different people conform to roughly the same repetitive pulse pattern, small differences in the overall shape of their waves reveal significant distinctions between individuals. During the authentication process, HeartID is able to eliminate artifacts that result from breathing, body movement and/or an inadequate connection, and focuses on the user’s heart patterns.

In a work environment where a technician performs various tasks, user authentication is validated by usernames and passwords. Nymi aims to streamline the process with HeartID, but the problem with this method is that it needs additional hardware. The Nymi band, the IoT (internet of things) device that incorporates HeartID, and NFC (near-field communication) to transmit user data.

In this case the technician won’t introduce usernames and passwords, they will simply tap against the NFC reader for authentication. HeartID will then confirm that the rightful user is performing the task and transmit the information (which would previously be handled by usernames and passwords) via radio.

The basis of this system is the unique geometry of the heart, which makes for a great differentiator. The advantages of this system are that it is a passive, non-contact device and that it monitors the user constantly.

Biometrics vs passwords

The battle among competing standards is something that makes technology evolve continuously, and deciding which one is better is not for us to say. With that said it is clear that such technology is still a work in progress. At this stage biometrics are not yet ready to fully replace passwords, so until then a combination of the two authentication methods seems to be the best option that technology companies have chosen to go with. If biometric authentication fails, it’s always possible to log in by typing your password or passcode.