The first computer passwords were introduced in the early 1960s, thanks to an MIT computer scientist named Fernando Corbató. These new digital keys were useful, but also kind of a pain. There were regular security breaches, and people hated having to memorize multiple passwords for multiple accounts.
More than 50 years later, not much has changed. High-profile companies are still plagued by hackers, and millions of our accounts are breached each year. And it’s no wonder—our most commonly used passwords are appallingly simple: 123456 and password topped last year’s list. Corbató calls the current state of Internet security a “nightmare,” admitting even his own list of passwords is three typed pages long.
Luckily, there are a number of cool projects in the works aimed at replacing the classic PIN. Here are a few.
1. Your Brainprint
Maybe you still get a little giddy every time you unlock your phone with your fingerprint. If so, prepare to be amazed. Researchers from Binghamton University say your "brainprint"—the unique brainwave reaction you have to certain stimuli, like words—could someday be used to unlock our accounts and devices. In a new study in the journal Neurocomputing, a computer was able to identify volunteers by their brainprints with 94 percent accuracy. Brainprint passwords won’t become ubiquitous any time soon—right now they require users to strap some electrodes to their head—but they could be used in "high-security physical locations" like the Pentagon, researchers say.
2. Your Heartbeat
Like your brain, your heartbeat also has its own unique signature in the wave patterns created by your heart’s electrical activity. A startup called Bionym has created a bracelet that turns this signature into a key. Once you snap the Nymi bracelet on, it uses an electrocardiogram sensor to verify your identity. The idea is that the bracelet would then sync with other devices, from your computer and phone to your car door and hotel room. You wouldn’t have to authenticate every time you want to unlock something, as the bracelet keeps you “signed in” until you take it off. A built-in motion sensor means you could unlock different objects with a specific twist of the wrist. But the future of Nymi will depend on its creators finding partners and developers who want to incorporate its functionality into their designs. Until then, it’s just another smart-ish bracelet.
3. Your Face
Unlike heartbeat and brainprint authentication, facial recognition is already fairly easy to implement. Earlier this year Intel released True Key, a password manager app that uses your unique facial characteristics to verify your identity. The app takes a photo of your face and remembers your features, “like your facial math—the distance between your eyes and your nose.” True Key works on Windows computers and Android devices but not yet on Apple products. It will be free to use on 15 websites but $19.95 a year for any more than that.
4. Your Google Searches
A project called ActivPass would use your digital activity, and your own recollection of that activity, to confirm your identity. The project comes from researchers from the University of Illinois Urbana-Champaign, the Indian Institute of Technology Kharagpur, and the University of Texas at Austin. They created an app that monitors smartphone activity, as well as an algorithm to mine that activity for events that could be used as passwords. For example, ActivPass might ask you who the first person to message you this morning was, or what terms you Googled yesterday. The questions have to be unique enough that no one else could answer them, but not so obscure that they can’t jog a user’s memory.
The researchers found we’re pretty bad at remembering anything after about a day, so recent activity is the most useful. The questions generated by ActivPass worked effectively as password prompts, and users produced the right answer 95 percent of the time.
5. Sound Verification Between Your Computer and Your Phone
Early last year, Google acquired a startup called SlickLogin that wanted to use sounds as passwords. The application was a bit complicated: when a user wanted to be authenticated, a website would play a nearly inaudible, unique sound that would be picked up by an app on the user’s phone. The app would recognize the sound, therefore confirming a user’s identity and that their phone is in the same room as their computer. Right now, it’s not entirely clear what Google plans to do with SlickLogin.
6. The Veins in Your Palm
In April, PayPal’s global head of developer evangelism, Jonathan Leblanc, suggested our unique vein patterns could kill the traditional password. A tool called BiyoWallet is already on it, letting users pay for things at retail shops by placing their palms on an infrared scanner. “Palm vein patterns are secure because you can’t leave traces of your palm vein patterns like you can with fingerprints, and recreating a hand with flowing blood is practically impossible,” says BiyoWallet’s website.
7. Your Stomach Acid
Motorola has created a “vitamin” that could turn an entire person into a walking authentication device. The high-tech pill is activated by stomach acid and emits a signal to communicate with various devices so long as it’s still inside your body. “It means that my arms are like wires, my hands are like alligator clips—when I touch my phone, my computer, my door, my car, I’m authenticated in,” Regina Dugan, former director of the U.S. Department of Defense’s Defense Advanced Research Projects Agency and now head of Motorola's Advanced Technology and Projects, told Entrepreneur. Sound ultra-futuristic? The vitamin is already FDA approved.
8. Electronic Tattoos
Stretchy, sensor-packed materials applied to the skin could also be used to identify a human being in place of a password. Motorola is already working on this with a company called MC10, which has been making what’s known as the “Biostamp” since 2012. The Biostamp looks like a temporary tattoo and is filled with flexible electronics that can bend and stretch with the skin. It monitors and transmits information about its wearer's vital signs, including pulse and blood-oxygen level, body temperature, blood pressure, and even electrical activity in the brain and heart. This could be incredibly useful for health monitoring, but Motorola sees a different potential. "What we plan to do is work with them to advance a tattoo for authentication," said Dugan. “10- to 20-year-olds might not want to wear a watch on their wrists, but you can bet they will wear a tattoo—if only to piss off their parents.”