The importance of finding an alternative security standard the traditional password has never been higher, given the rise in mobile payment technology. Now PayPal's global head of developer advocacy, Jonathan LeBlanc, has outlined some potential solutions in a presentation called "Kill all Passwords".
We may already be starting to get used to the idea of using fingerprints to access our smartphones and other devices, but these are not failsafe. LeBlanc is keen that we look inwards for alternatives. In particular, he says, there is a need to quash the rates of false negatives that stop valid users from logging in and false positives that allow invalid users past the firewall.
The answer lies in users being able to use brain implants, heartbeat monitors and vein recognition to assert their identity, LeBlanc suggests. In an interview with the Wall Street Journal, LeBlanc also said that ingestible authentication devices could contain batteries that would be powered by stomach acid. In the presentation, he compares the concept to existing medical "ingestibles" that can be used to monitor blood pressure, digestive health and glucose levels in diabetics.
Other solutions could involve silicon chips being embedded under the skin or "wearable computer tattoos". A picture of one of these in the presentation shows various sensors including temperature, strain gauges and ECG monitors incorporated in chip inserted under the skin with a wireless power coil and antenna also built in
PayPal is just one industry expert among many with a focus on biometric security. The company is a member of the FIDO Alliance, a coalition of companies that includes the likes of Samsung and Qualcomm who are working towards building a secure protocol that can be used with a range of different "authenticators" to keep our data safe.
Fundamentally the FIDO protocol is based around the idea that there is no value for hackers in tapping into the back end of the system -- all of the value is placed in the transaction that happens in the front end, where a user asserts their presence through their fingerprint, their heartbeat or any other biometric identifier.
Despite expressing enthusiasm about biometrics, LeBlanc has been cagey about which technologies PayPal wants to introduce to the market. "I can’t speculate as to what PayPal will do in the future, but we’re looking at new techniques -- we do have fingerprint scanning that is being worked on right now -- so we’re definitely looking at the identity field," he told the Wall Street Journal.
While much biometric technology is still at concept stage, the biohacking community is already experimenting with it. Security company Kaspersky announced back in February that it was partnering with the BioNyfiken hacking collective to research the potential for smart, sub-dermal implants.
"The technology is already happening," said Hannes Sjoblad, one of the founders of BioNyfiken, when the partnership was announced. "We are seeing a fast-growing community of people experimenting with chip implants, which allow users to quickly and easily perform a variety of everyday tasks, such as allowing access to buildings, unlocking personal devices without PIN codes and enabling read access to various types of stored data."
Update (21.04.15): A PayPal spokesperson tells WIRED.co.uk: "We have no plans to develop injectable or edible verification systems. It's clear that passwords as we know them will evolve and we aim to be at the forefront of those developments. We were a founding member of the FIDO alliance, and the first to implement fingerprint payments with Samsung. New PayPal-driven innovations such as one touch payments make it even easier to remove the friction from shopping. We’re always innovating to make life easier and payments safer for our customers no matter what device or operating system they are using."