90.9 WBUR - Boston's NPR news station
Top Stories:
PLEDGE NOW
Here and Now with Robin Young
Public radio's live
midday news program
With sponsorship from
Mathworks - Accelerating the pace of engineering and science
Accelerating the pace
of engineering and science

Heartbeats Could Replace Passwords

(Its.MJ/Flickr)

(Its.MJ/Flickr)

The average person has 30 to 50 accounts requiring a password, but uses only about five different passwords. And the most common password is still “password.”

Security experts say people should use a different password for each account, with each password at least 14 characters long.

Instead of memorizing all those passwords, what if the key to unlocking everything could be linked to something unique about you — like the rhythm of your heart?

That’s what biometric researchers in Toronto have come up with.

Like fingerprints, heart rhythms are unique. The peaks and troughs mapped out by an electrocardiogram are affected by the heart’s unique characteristics, including size and shape.

A company called Bionym is working to make passwords obsolete by using a person’s heart rhythm as a biometric pass code.

“We put this into a wristband so that when you put it on, it knows that it’s you,” Bionym CEO Karl Martin told Here & Now. “And then it can communicate your identity to systems in a secure manner around you.”

  • If you could replace all of your passwords with something biometric, like your fingerprints or heartbeat, would you? Tell us on Facebook or in the comments.

Interview Highlights: Karl Martin

Privacy concerns

“We’ve designed the system so the user has complete control over their data and their identity. Everything requires opt-in. They know where their data is going, and they can revoke that if they want.”

How it could be breached

“If you compare it to say fingerprints, you leave your fingerprints everywhere. It’s really not that difficult for somebody to get your fingerprints. But for somebody to get your cardiac rhythm, you’d actually have to have to be touching a sensing surface of some sort. You’d have to be unaware, so that somebody is doing this without you knowing it.

What happens if you die

“That’s a problem that we don’t solve. And I would say that’s actually a major problem with the digital world everywhere, whether it’s your passwords you took with you, or your biometric that you took with you. I think concepts of digital wills and how you manage that are things that really need to evolve. And certainly, when you’re tying your data to a biometric of your beating heart, I think that problem becomes more obvious, but it’s definitely not a new one.”

Guest:

Transcript

JEREMY HOBSON, HOST:

And while we're talking tech, Robin, I just want to ask you: How many passwords do you think you have?

ROBIN YOUNG, HOST:

Oh, 93.

(LAUGHTER)

HOBSON: A lot. Well, actually, the average is about five, even though they say you should have far more than that. I have dozens of accounts. I probably have about five, also average. But what if instead of remembering all those passwords, you could link all your passwords to something unique to you that you wouldn't have to remember, like your heartbeat?

Well, Karl Martin of the tech company Bionym has some new technology that does just that, and he joins us now from Toronto. Welcome.

DR. KARL MARTIN: Hi, Jeremy. Thank you.

HOBSON: Well - so, first of all, explain this technology and what you're trying to do with it.

MARTIN: We are developing a wristband called the Nymi. And what the Nymi does is it actually biometrically authenticates the wearer using their unique cardiac rhythm. So...

HOBSON: Meaning their heartbeat, basically.

MARTIN: Yes, their heartbeat. So this is what you call the electrocardiogram. That's the thing you see doctors pick up on the chest. But we can actually pick this up on different parts of the body. So when you put it on, it knows that it's you, and then it can communicate your identity in a secure manner to devices and systems around you.

HOBSON: Like your phone or an ATM machine, or something like that.

MARTIN: Exactly. Every time you use a password or a PIN and - all those points in your day are points of friction. If you imagine you have our wristband you're wearing all day, you don't even have to think about it, and you can have automatic access.

HOBSON: Now, the idea that you'd have to wear a wristband makes me think of some other technology, like 3-D glasses, which people don't seem inclined to wear. Do you think that you're going to face a hurdle in getting consumers to want to wear a piece of technology like that all the time?

MARTIN: Absolutely we see that. And as we release this product soon, we expect early adopters, people, gadget freaks and developers who will be most interested initially. So we're really showing that it can be done in the wristband. We think we might go through a few generations before probably there'll be some convergence with smart watches. But it's really about showing those early adopters to say, hey, this is something that's going to change the way you think about identity.

HOBSON: Now, this does bring up the issue of privacy, of course...

MARTIN: Oh, yeah.

HOBSON: ...the idea that some computer somewhere or the cloud can access all of your stuff. It seems a little scary, especially given all the NSA things that are going on.

MARTIN: Absolutely. And as we were conceiving this product, we knew right from the get-go that privacy would be a key concern. So we've actually followed a principle called privacy by design, and this is actually a framework developed here in Ontario by our privacy commissioner. So right at a low level, we've designed the system so the user has complete control over their data and their identity. Everything requires opt in. They know where their data is going, and they can always revoke that if they want.

HOBSON: Now, forgive me if I'm being a little too Hollywood producer here but, I mean, could somebody go in and get your heart rate, copy it and then create something that tricked this device, this Nymi that you've created?

MARTIN: Right. So I would never say it's impossible. But if you compare it to, say, fingerprint, right, you leave your fingerprints everywhere, right? It's really not that difficult for somebody to get your fingerprints. But for someone to get to your cardiac rhythm, you'd actually have to be touching a sensing surface of some sort. You'd have to be unaware, so that somebody is doing this without you knowing it. So while it's possible, it's highly unlikely. And they'd have to then reproduce that and mimic the way the body produces it.

HOBSON: Well, I feel like if you can create this technology, somebody can probably create some technology that can mimic your heart rate. But we'll leave that to the future.

(LAUGHTER)

HOBSON: So my last question is what if you die? What happens to all of your stuff because nobody would be able to access it without your cardiogram?

MARTIN: Right. So that's a problem that we don't solve. And I would say that that's actually a major problem in the digital world everywhere, whether it's your passwords that you took with you or your biometric that you took with you. I think, you know, concepts of digital wills and how to manage that are things that really need to evolve. And certainly it - when you're trying your data to a biometric of your beating heart, I think that problem becomes more obvious. But it's certainly not a new one, and we definitely have to think about how to work that out.

HOBSON: Well, Karl Martin, CEO of Bionym, thank you so much for talking with us.

MARTIN: Thank you, Jeremy.

HOBSON: And you're listening to HERE AND NOW. Transcript provided by NPR, Copyright NPR.


Please follow our community rules when engaging in comment discussion on this site.
Robin and Jeremy

Robin Young and Jeremy Hobson host Here & Now, a live two-hour production of NPR and WBUR Boston.

November 19 9 Comments

New Film Revisits The Jerry Sandusky Sex Abuse Case

The Penn State assistant football coach will likely spend the rest of his life in prison, but that's not the end of the story.

November 19 205 Comments

Without Slavery, Would The U.S. Be The Leading Economic Power?

Edward Baptist argues in his new book that slavery was integral to establishing the America as a world economic power.

November 18 3 Comments

Outspoken Olympic Runner Nick Symmonds Pens Memoir

The track star has won his share of races, but he often gets as much attention for what he does off the track as what he does on it.

November 18 37 Comments

Texting And Driving: Are We Powerless To Change Our Ways?

A new book by Pulitzer Prize-winning journalist Matt Richtel chronicles the groundbreaking case of Reggie Shaw.