Your Heartbeat as Your Password

Heartbeat Biometrics

Your fingerprints, your irises, your voice and your face are all commonly used in biometric systems. Now Researchers have developed a means of turning the unique rhythms of your heart into a password. Heartbeat biometrics could not only be used to replace passwords, but also for encrypting and then decrypting personal data.

Heartbeat Biometrics to Replace Passwords

People are notorious for using weak passwords and using passwords repeatedly across multiple accounts. Consequently, researchers have been looking for a means of removing the need for passwords. Biometric identification is seen as the answer to the password problem. From fingerprints, retina scans to typing metrics, biometric authentication is widely used to allow access to personal data.

Imagine using your heartbeat as your password or as a key to encrypt and store your personal data. You would never again need to remember a username or password.

Basically, scientists are looking at replacing standard passwords and encryption keys with your heartbeat. They derive unique parameters from the distinctive rhythms of your heart and then use these parameters for authentication purposes.

How Does Heartbeat Biometrics Work?

Everyone has a unique heartbeat based on the size and shape of their heart, and the orientation of the valves within their heart. The heartbeat doesn’t change. It may beat faster or slower at any one time, but electrically the beats look the same. Therefore, the speed of the heartbeat does not matter, what matters is the shape of the waves.

The shape of the waves is recorded by taking an Electrocardiogram (ECG) of your heart. Your raw ECG data is then processed, and your unique parameters are identified and saved. As stated by NASA officials in their HeartbeatID solicitation, these heartbeat biometrics can then “…be used in everything from replacing individuals’ PC passwords to [accessing] a bank account,”

According to researchers, using the heartbeat for encryption is by far less computing intensive and uses less energy than using conventional techniques. The method is said to be cheaper and safer than encryption or cryptography.

How Advanced is the Technology?

When comparing the uniqueness of the various types of biometrics available today, retinae biometrics are considered the most unique. Fingerprints are seen as being next and then ECGs. However, ECG metrics are more unique than metrics used in voice recognition.

Several wearable devices, which look like band fitness watches, have been created that use heartbeat biometrics for authentification purposes. With these devices you purportedly just need to put it on and touch it with your opposite hand for a few seconds. This measures your heartbeat and confirms that the right person is wearing the device. For the rest of the day, the device then communicates your identity to whatever system or service you wish to use.

Furthermore, the heartbeat devices work on the concept of persistent identity. With fingerprint readers as used on iPhones, for example, every time you want to use your phone you need to scan your fingerprint again. Whereas with the heartbeat devices, you only need to scan your heartbeat once when you put on the device. You then remain authenticated for the rest of the day until you take it off.

The Problems of Using Your Heartbeat as Your Password

Heartbeat biometrics has one major problem, which is a problem shared by all biometric systems when used for authentication purposes. Regular passwords can easily be changed if they have been exposed in a data breach. However, what happens when your ECG is leaked online? How do you protect all the information you have encrypted using your heartbeat?

Furthermore, the unique patterns recorded on your ECG may change due to age, heart attacks or injury and it is not clear if researchers have found a means to solve this problem yet.

Information technology expert
Grace is an information technology expert who joined the VPNoverview team in 2019, writing cybersecurity and internet privacy-based news articles. Due to her IT background in legal firms, these subjects have always been of great interest to her.
Leave a comment
  1. This has been around for quite a while. Apple has a patent on one scheme, using an “on-wrist sensor”. Caltech/JPL has another for doing it remotely with microwave sensors(HERMA). I’m sure there are others.

    In actual tests, the accuracy is around 80-99% depending on how it’s done. The problem is that 99% isn’t actually very good for most authentication applications. It’s probably fine for access to your online streaming service. It’s probably not good enough for a bank account or your medical information.

    • That’s very true. The technology has existed for some time, as apparent when looking at the Apple watch and other kinds of fitness trackers. It’ll be interesting to see how this technology is now going to be used to replace passwords, for example.

Leave a comment