Heartbeat Biometrics to Replace Passwords
People are notorious for using weak passwords and using passwords repeatedly across multiple accounts. Consequently, researchers have been looking for a means of removing the need for passwords. Biometric identification is seen as the answer to the password problem. From fingerprints, retina scans to typing metrics, biometric authentication is widely used to allow access to personal data. Imagine using your heartbeat as your password or as a key to encrypt and store your personal data. You would never again need to remember a username or password. Basically, scientists are looking at replacing standard passwords and encryption keys with your heartbeat. They derive unique parameters from the distinctive rhythms of your heart and then use these parameters for authentication purposes.
How Does Heartbeat Biometrics Work?
Everyone has a unique heartbeat based on the size and shape of their heart, and the orientation of the valves within their heart. The heartbeat doesn’t change. It may beat faster or slower at any one time, but electrically the beats look the same. Therefore, the speed of the heartbeat does not matter, what matters is the shape of the waves. The shape of the waves is recorded by taking an Electrocardiogram (ECG) of your heart. Your raw ECG data is then processed, and your unique parameters are identified and saved. As stated by NASA officials in their HeartbeatID solicitation, these heartbeat biometrics can then “…be used in everything from replacing individuals’ PC passwords to [accessing] a bank account,” According to researchers, using the heartbeat for encryption is by far less computing intensive and uses less energy than using conventional techniques. The method is said to be cheaper and safer than encryption or cryptography.
How Advanced is the Technology?
When comparing the uniqueness of the various types of biometrics available today, retinae biometrics are considered the most unique. Fingerprints are seen as being next and then ECGs. However, ECG metrics are more unique than metrics used in voice recognition. Several wearable devices, which look like band fitness watches, have been created that use heartbeat biometrics for authentification purposes. With these devices you purportedly just need to put it on and touch it with your opposite hand for a few seconds. This measures your heartbeat and confirms that the right person is wearing the device. For the rest of the day, the device then communicates your identity to whatever system or service you wish to use. Furthermore, the heartbeat devices work on the concept of persistent identity. With fingerprint readers as used on iPhones, for example, every time you want to use your phone you need to scan your fingerprint again. Whereas with the heartbeat devices, you only need to scan your heartbeat once when you put on the device. You then remain authenticated for the rest of the day until you take it off.
The Problems of Using Your Heartbeat as Your Password
Heartbeat biometrics has one major problem, which is a problem shared by all biometric systems when used for authentication purposes. Regular passwords can easily be changed if they have been exposed in a data breach. However, what happens when your ECG is leaked online? How do you protect all the information you have encrypted using your heartbeat? Furthermore, the unique patterns recorded on your ECG may change due to age, heart attacks or injury and it is not clear if researchers have found a means to solve this problem yet.