Bionym bracelet promises to replace passwords with ECG biometrics
Until the battery dies or heart gives out, that is
Bionym, a startup from the University of Toronto, is looking to banish password woes with a bracelet that handles authentication by monitoring your heartbeat.
Password that's closer to wristy than handy
The Nymi device uses electrocardiogram (ECG) sensors in the top and bottom of the bracelet to build up a unique password based on your heartbeat. Everyone's heartbeat is subtly different and the device can, it is claimed, build a unique password system about this.
Once this has been established, the bracelet can then broadcast this password via Bluetooth to devices that carry the authentication application, when in range. Bionym has also built in an accelerometer and gyroscope to allow for gesture controls, and the team claims that there are hardware functions that stop any password being slurped by passersby.
The device went on preorder on Tuesday for an introductory price of $79 for the first 25,000 punters; just under a thousand have signed up so far, with the unit going on general release next year for $99 per bracelet. It will be available in black, white, and orange.
It's a cute idea, but like so much of biometric security, the devil is in the details. Biometric systems are usually plagued by false positive readings, and while this might not be an issue in this device, we can see a few problem areas.
For example, if you're using the Nymi to log into your phone and suffer a heart attack would you be locked out of calling your doctor? Similarly, battery life will be something to check – lose power at a crucial moment and you could be left locked out of all your devices, including your car, according to the promotional video.
Passwords are a necessary evil in this world, and hardware devices to handle them are nothing new. While the Nymi looks promising, El Reg will wait for some more details before drinking the ECG Kool-Aid just yet. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust