Your Heartbeat As Your Password

Natasha Loma introduces the Nymi:

The wristband relies on authenticating identity by matching the overall shape of the user’s heartwave (captured via an electrocardiogram sensor). Unlike other biotech authentication methods — like fingerprint scanning and iris-/facial-recognition tech — the system doesn’t require the user to authenticate every time they want to unlock something. Because it’s a wearable device, the system sustains authentication so long as the wearer keeps the wristband on.

Dan Goodin worries about security:

Alas, there’s not enough information available about the Nymi’s inner workings to know if it is truly groundbreaking or another dose of the kind of snake oil that’s all too common in the security circuit.

Karl Martin, CEO of the Nymi creator Bionym, said the device hasn’t yet undergone a formal security audit. That means even he can’t say just how impervious it is to the kinds of sophisticated attacks that would inevitably target a universal sign-on gizmo, although he gave some high-level details that are encouraging. That said, there are several classes of hacks that might be used to compromise the security assurances of the device.

Francie Diep has other questions:

When I asked independent researchers if they had any concerns about Nymi, the one thing they brought up was that it’s not clear how accurate the wristband will be at identifying users. Bionym worked with the University of Toronto to test Nymi’s ECG-IDing accuracy in more than 1,000 people, Martin says. They’ve found Nymi is comparable to fingerprint recognition and more accurate than facial recognition. They will test its accuracy further this fall.

However, such results aren’t published yet in the peer-reviewed literature. What has been published indicates it’s “premature” to say an ECG identification scheme can compare to fingerprints and facial recognition, says Kevin Bowyer, the chair of the computer science department at the University of Notre Dame.