The future of authentication could involve biometric identification enabled by tiny ingestible and embeddable devices, according to PayPal.
The firm’s global head of developed evangelism, Jonathan LeBlanc, claimed in an interview with the Wall Street Journal that traditional biometrics like fingerprints and iris scans have become “antiquated” and could be replaced by systems placed inside individuals to allow “natural body identification.”
Their batteries could be powered by stomach acid and could monitor unique traits like glucose levels or blood pressure, in order to verify a person’s identity and strengthen traditional passwords, he said.
Other solutions could involve wearable “tattoos” incorporating a computer chip placed under the skin, embedded wireless antenna to beam out information, and various sensors for temperature, ECG activity and so on.
Traditional biometrics trialed thus far have too many false negatives and positives, he argued.
However, not everyone agreed with LeBlanc’s vision for the future.
Matt White, senior manager in KPMG’s cyber security practice, argued that establishing consumer trust will be the biggest barrier to adoption of new biometric authentication methods.
“Trying to convince the average person to implant a piece of technology to increase security of their perceived already secure account is a battle unlikely to be won,” he added.
“Rather than spending money on developing more advanced biometrics, companies should look to invest that money in user awareness and training, which will provide their users with added security.”
In fact, PayPal also distanced itself from LeBlanc’s future gazing comments, confirming that it has no plans to develop injectable or edible verification systems.
“It's clear that passwords as we know them will evolve and we aim to be at the forefront of those developments,” it added in a statement sent to Infosecurity. “We were a founding member of the FIDO alliance, and the first to implement fingerprint payments with Samsung.”
In related news, new research from Kaspersky Lab this week once again highlighted the problem of user education and awareness when it comes to log-in security.
Some one in five consumers surveyed said they saw no value in their passwords to cyber-criminals, while only a quarter (26%) said they create a separate password for each account.
Some 11% said they keep passwords in a file on the device, 10% leave them on a sticker next to the computer and 17% share passwords with family and friends.
Marta Janus, security researcher at Kaspersky Lab, argued that passwords are “severely flawed.” However, two-factor authentication systems using one-time generated passcodes sent to the user’s phone are not much more secure, she told Infosecurity.
“For service providers and device manufacturers the key is to provide mechanisms that improve security, but without making it too onerous to apply them. It’s also important that providers, security vendors and others highlight the need for such mechanisms to consumers,” she added.
“For example, one of the benefits of biometrics is that it increases security but without making access to the service harder. Take Apple’s Touch ID as an example: I suspect that relatively few people used to use a complex passcode, because it was too much effort; but I think that probably most people use the fingerprint scanner.”
LeBlanc’s presentation on authentication, Kill All Passwords, can be found here.