Skip to main content

Brett Beranek, marketing manager of Nuance Communications, speaks ‘My voice is my password’ into his phone at their offices in Montreal.

CHRISTINNE MUSCHI/The Globe and Mail

If Karl Martin has his way, the only password you'll ever need is your heartbeat.

The chief executive officer of Toronto-based startup Bionym is part of a group of researchers and executives trying to kill one of the most persistent features of digital life – the text password.

"I think people are fed up," he says. "This is getting worse and worse – you have a password for every account, a lot of 12– or 16-digit passwords. People are throwing their hands up."

Story continues below advertisement

Quietly, a movement is taking shape within the technology industry to finally kill off the traditional password – driven not only by growing consumer outcry, but also the twin scandals of high-profile hacking incidents that exposed customer information at major corporations such as Target, as well as the Edward Snowden revelations about the extent of digital government surveillance.

The flaws of traditional computer security once again came under the public spotlight this week, after security experts revealed the existence of a flaw called "Heartbleed." The bug, considered one of the most significant security weaknesses in recent history, Heartbleed affects the encryption used to protect some of the most sensitive data on the Internet, including passwords and personal information.

However, there are a number of technology companies trying to replace text passwords entirely with everything from fingerprint readers to voice recognition systems to cardiac rhythm monitors.

Nuance Communications, for example, is currently pushing a "voice biometrics" solution that has proven popular with corporate clients such as some major Canadian banks, says Brett Beranek, the company's solutions marketing manager.

The system, developed in part by Canadian engineers, authenticates a user's identity by measuring some 100 different variables that together contribute to making every individual's voice unique – from the width of the larynx to the size of a speaker's teeth.

As Mr. Beranek notes, voice biometrics have proven popular with some big companies in part because they make it easier for customers using a call centre to authenticate themselves without having to type a password on their phone's keypad. But the system is also useful because, even if accessed by an unauthorized party, the voice biometrics database contains no information that can be easily used elsewhere, unlike traditional text password databases – especially ones that don't encrypt the data.

Toronto-based Bionym takes yet another approach. The company's researchers have developed a bracelet that authenticates a user based on the unique rhythm of their heartbeat. As long as a person wears the bracelet, they are constantly logged in, with no need to enter any passwords. The system can potentially be used for everything from opening a home's front door to alerting a store owner when a certain customer arrives. Whenever someone removes the bracelet, it shuts down, making it virtually useless if stolen.

Story continues below advertisement

"We can put the equivalent of a 128-character password on your wrist that you don't have to remember," Mr. Martin says.

Over the past decade, the lowly computer password has morphed into a complicated mess. Online banking and other high-value transactions have prompted web services to demand that their users employ longer and increasingly more convoluted passwords – which are easily forgotten. In addition to length and complexity, the average user now often has to keep track of a dozen or more passwords to access everything from Facebook to an in-car Bluetooth connection.

But despite the massive store of sensitive information those passwords protect, all indications are that users still opt for the simplest passwords possible. By analyzing stores of login data, researchers repeatedly found that the most common PINs and passwords invariably include "1234" and "qwerty."

For decades, researchers have worked on other means of authenticating users. But it's only recently that the technology industry has started seriously considering alternatives to the text password. Last year, Apple introduced a new iPhone with a built-in fingerprint reader, joining a number of laptop manufacturers that have done the same. The move came around the same time that a number of high-profile hacking incidents (and, subsequently, Mr. Snowden's revelations about government hacking) left customers worried about the reliability of their traditional login information.

But perhaps the biggest boost to alternative password technology came with the creation of the Fast IDentity Online Alliance in the summer of 2012. Made up of some of the industry's biggest names, including BlackBerry, Microsoft and Google, the FIDO Alliance was created to help push for other types of authentication. In February, the group announced its first major deployment – a system that lets users verify digital payments through PayPal by using the fingerprint reader on the new Samsung Galaxy S5 smartphone.

"While this first deployment of FIDO Ready technology leverages a biometric – a simple swipe of a finger – we anticipate FIDO authentication to emerge in many forms and applications," FIDO president Michael Barrett says.

Story continues below advertisement

Ultimately, for the technology to finally become commonplace, it is the industry that will have to push for alternatives to the traditional password, Bionym's Mr. Martin adds.

"When Canada switched from the dollar bill to the loonie, some people complained, but the government just stopped printing the bill," he says. "I think some changes have to be forced a little bit because, in the case of passwords, the service providers know that the current system is broken."

Report an error Editorial code of conduct
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter