“‘We’re living in a crazy world,’ Karl Martin says, ‘where, to prove who we are to our computers, we have to remember a long string of letters and numbers,'” David Morris reports for Fortune. “Martin, the chief executive of the biometric identity startup Bionym, is only half right. I’m sure I’m not the only one who has given up actually remembering my passwords and outsourced the job to a password manager. (Current tally: 112 separate strings of letters and numbers.) Experts agree that the only reliable way to secure a password is to memorize it so there is no record. But, really. Come on.”
“Bionym is hoping to shape a more sensible and intuitive way of proving your identity to devices, databases, and financial instruments. In the fall, Bionym will release the Nymi, a wristband that replaces conventional passwords with a reading of a person’s electrocardiogram pattern,” Morris reports. “But Bionym is dreaming bigger. One day, the Nymi could turn out the lights when you leave the house, lock the front door, start your car with a gesture, help a restaurant remember your name, then let you pay for your meal — all with empty pockets.”
“The Nymi has competition for the role in that future scenario. One contender is a small black fob called the AxisKey, made by Palm Beach Gardens, Fla.-based Sonavation, that uses ultrasound to authenticate a person. The device is expected to go on sale in mid-June,” Morris reports. “Both products are touted as more secure than their existing competition in the consumer market — namely, the nearly 90 million iPhone 5s handsets that come with a fingerprint sensor.”
MacDailyNews Note: Please see: Security researcher: Apple iPhone 5s Touch ID is truly better security.
Morris reports, “The Nymi will scan a person’s ECG only when it is worn on the wrist, likely most often in the morning when they are calm and rested. During the scan it will connect with a mobile device and use three-factor security to do so. To pose as a Nymi user, according to Martin, an attacker would need to ‘steal your wristband, and then steal your phone, and then they need to have a false positive [matching ECG pattern].’ And as Lawrence Livermore National Laboratory’s Alan Kaplan points out, ‘An ECG is very difficult to counterfeit.'”
Read more in the full article here.
MacDailyNews Take: Future iWatch/iWallet roadkill and/or Apple acquisition(s).
[Thanks to MacDailyNews Reader “Edward W.” for the heads up.]
Related articles:
Bypassing the credit card: Apple patent application reveals major financial system beyond iWallet – January 30, 2014
Apple patent application reveals secure iWallet system with iBeacon – January 16, 2014
Apple’s massive ‘iWallet’ advantage: Over half-billion active iTunes accounts linked to credit cards – April 5, 2013
Tim Cook as good as confirms Apple prepping mobile payments via Touch ID – January 28, 2014
Security researcher: Apple iPhone 5s Touch ID is truly better security – September 19, 2013
It’s a dark and stormy night as you near the locked door of your home. You feel a touch of indigestion–a heart attack.
Oops! Locked out?
Better still – A man experiences crushing chest pain that radiates into his left arm. He reaches for his trusty, ultra-secure ECGphone:
“I better call 911… Why won’t this stupid thing unlock?!?!?”
Eight days later, a family member finds his body, still clutching his ECGphone.
You can make 911 calls without unlocking your phone.
Or the phone would call 911 when it’s owner is having a heart attack.
This even worse: you do not need to become criminal to get to someone’s house — no need to steal keys or to threaten person to get the keys or to open the door. You just come along with the person and the door will automatically unlock.
Apple will no doubt have similar ideas in mind for iWatch. I expect it to have new security features that, while maybe not sophisticated as this offering, will no doubt add to a more secure iEnvironment. For example, alerting you when your iPhone has gone beyond a certain range from your iWatch.
And people with arrhythmia?
Even better for them, because that would be part of their ECG and make it even more difficult to duplicate/fake.
Why not do a full genomic DNA test comparison?
Imagine Siri’s declining you you access:
Your genome does not match the record I have on file. However I have detected an insertion-deletion (indel) at Scaffold_10_ 19,215,715 as a non-synonymous polymorphism in the fifth exon of a sequence orthologous to PRR7.
Basically you’re screwed—so go hug your children.
LOL sure, if I happened to be a poplar leaf instead of a human
Spot on! It’s the Attack of the Poplar Clones!
Show off! Sheesh, this new generation of biologists! 😉
Experts agree that the only reliable way to secure a password is to memorize it so there is no record. But, really. Come on.
WTF is he going on about? You’re going to have to remember the password for your password manager! Don’t write it down! Hello in there!
…a wristband that replaces conventional passwords with a reading of a person’s electrocardiogram pattern
…Which changes according to your physical exertion and emotional state! It is in no way as individual as a fingerprint. This sounds like a lame marketing sales job to me.
Someone always wants to kill me when I point this out, BUT:
The best security identification includes 3 items, IE uses ‘Three Factor Authentication‘. If you have crucial data for your eyes only, you’re crazy not to use Three Factor Authentication.
1) Something you know. (IE ID and password)
2) Something you have. (IE an identity dongle, such as a YubiKey or that nasty RFID chip the dug in your skull).
3) Something you are. (IE your fingerprint or retina pattern)
http://en.wikipedia.org/wiki/Three_Factor_Authentication
You can kill me now! I won’t be arguing with or replying to negative comments. Message complete. √
We won’t be massing with the torches, Derek. Your sermons are always timely and heedsome.
😀
Awful idea. How can a heart beat be secure compared to a fingerprint which is totally unique to every person on the planet?
Add DNA detection to apple’s fingerprint id software and we would have a unique and almost totally secure system.
guess what samsung is going to announce on their S6?
i guess they can make heart sensor + fingerprint to be very secure??
and always keep the passcode as a backup