Forget passwords -- the Nymi wristband uses your heartbeat for security

Toronto-based Bionym is working on a wearable device that uses a person's heartbeat to authenticate their identity

Imagine one day strapping on a wristband in the morning and then opening your smartphone and laptop without passwords, getting into your car without a key and even boarding a plane without your ID or a boarding pass.

That's the future imagined by Andrew D'Souza, president of Bionym Inc., a Toronto-based company working on what he says will be the world's first wearable authentication device.

D'Souza talked about the Nymi, which verifies a person's identity using their unique heart beat, at MIT Technology Review's EmTech conference in Cambridge this week.

"This is pretty unique," D'Souza said in an interview. "Every time your muscles expand and contract there are electrical pulses produced and this allows us to identify a person based on the electrical signals based in the heart.... We're trying to solve the identity problem."

Bionym, a startup that just closed a $14 million Series A round of funding this week, is on track to release the Nymi, which has been in a small beta test, later this fall. According to D'Souza, the company has already presold about 10,000 of them.

If done right, the Nymi could be part of the answer to dealing with the problem of passwords. Too many people still don't use strong passwords, use the same password for every application or service or simply don't use passwords at all.

A wearable authentication device, which communicates with devices and apps via Bluetooth, could get around that issue, said Jeff Kagan, an independent analyst. "Passwords, which we still use today, are yesterday's answer to security," said Kagan. "We need new technology going forward. This sounds like an interesting company trying to solve a growing problem that we're all experiencing."

The Nymi, though, could go beyond getting you into your smartphone or your Facebook account.

According to D'Souza, it also could be used instead of keys. With smart locks, it could work on the front door of your house or the door of your car. It could replace your ID and grant access to company's offices or serve as your ID and boarding pass at the airport.

The wearable also could work with a smart home, alerting devices like a thermostat, music player or coffee maker that you've arrived and they need to change the temperature, play your favorite band or make a cup of joe.

"Our goal is to say if identity could be easy, what types of experiences could we enable?" asked D'Souza. "Make identity easy to make trust easy. Right now, it's hard to establish trust and identity. You won't have to prove who you are anymore."

He noted that the company has been in talks with MasterCard and its partner banks, a few airlines, hotel chains, auto makers and even government agencies.

The device works by checking for the electrical signals from your heart the second you put it on. The electrical signals based in the heart -- different from your heart rate - are unique for each person, like a fingerprint.

"It can tell that it's you wearing the device and then it goes into an authentication state," D'Souza explained. "It becomes secure. It confirms it's on your wrist and it's you wearing the device so it authenticates your security."

If the clasp on the wristband opens or if the wristband is cut, the authentication ends, adding a layer of security to the device.

As for privacy, D'Souza said the user decides what apps and devices the Nymi can connect with. If you don't want the airline or your car to know you're there, they won't.

"This is the future of authentication, taking body signals or markers that only one person has," said Patrick Moorhead, an analyst with Moor Insights & Strategy. "Fingerprint, retinal and vein identifications are here, but require clunky machines to make them work. Wristbands are much more convenient."

The convenience of being able to move about your day without remembering passwords or carrying keys, a credit card or ID might interest a lot of people. "Consumers would flock to a device on their wrists that would securely let them in doors, breeze through airport security and get into your PCs," said Moorhead.

Though he noted concerns about what happens if someone hacks into the device, he still thinks it could limit human mistakes and provide more security than a password -- especially poorly done passwords.

Kagan expects many authentication devices to hit the market in the next several years.

"I don't think any single idea is going to satisfy the entire marketplace," he said. "I think over the next decade we will be playing around with many different solutions. What we will eventually decide on for everyone is still a big question. We will have to wait and see. However, there is a big and growing market, so if it's a good idea, and it works well, and it's priced well, it stands a good chance of succeeding as one slice of the pie."

Join the CSO newsletter!

Error: Please check your email address.

Tags consumer electronicsemerging technologysecuritybiometricsAccess control and authenticationaccessoriesBionym

More about FacebookInc.MITTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sharon Gaudin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts