Wave and enter: The wearable tech set to kill the password and PIN for good

NFC rings, RFID chips and payment wearables are coming

Most people don't care if they use simple, hackable passwords – right down to choosing the word "password" itself. We know we'll remember it and just hope a hacker isn't interested in us enough to try to crack it. This is why hackers are still in business.

Online fraud costs the global economy around £60 billion a year, and as this grows, online security ramps up to counter the increasingly cunning cyber crooks. As a result, we're encouraged to use elaborate combinations of lower- and upper-case letters and symbols, if we dare test our memory.

But the majority of us are still lazy about online security. That means whatever replaces passwords and PINs needs not only to be more secure but also to be fuss-free for the average person to use.

So what does this have to do with wearable tech? Well, the smartwatch, band or smart jewellery you're buying to track your fitness or keep on top of alerts is set to take a big role in authentication; whether that's logging into your online banking, social media or emails, or opening a safe, a door, a gate – even a turnstile. Basically, if you can enter it, there's a case for wearables.

A simple, smart ring

In fact, smartwatches, smart jewellery and fitness trackers have already started to authenticate things that, traditionally, would need a password, PIN or confirmation by the human eye.

Take the Apple Watch for instance. With Apple Pay, the Watch can grant you access to a London bus or tube with the Wallet app, synced to your credit or debit card. It can even get you through airport security with a flick of the wrist, thanks to apps like British Airways' that integrate Apple's Passbook app so it can display your boarding pass.

This is just the start.

The Apple Watch is merely an extension of the iPhone's capabilities, and doesn't function in its own right. A nifty wearable that does, however, is the NFC contactless payment ring Kerv.

It's early days for Kerv just yet, but the ring, which safely passed its campaign target on Kickstarter, is now available for pre-order. The simple and affordable piece of smart jewellery – for men and women – allows you to make payments, validates you on public transport and unlocks smart locks. There are no alerts or fitness tracking as Kerv is focused on just a few key features: payments and ID.

Kerv has the edge over the Apple Watch because it doesn't need charging; you are less likely to take it off and have it stolen and, most importantly, it's actually much easier to, say, enter a ticket gate. With Kerv, just give it a Bruce Lee style one-inch punch rather than an awkward Apple Watch wrist twist.

We spoke to Kerv's founder, Philip Campbell, who insisted that wearable tech like his device will become more common as long as infrastructure continues to support it.

"Kerv could replace many forms of authentication, for example, in making payments and in transport, especially mass transit," he said. "This is the key thing because it's something people use every day.

"It's the same with access control, for example, into buildings. The problem is that the majority of people don't have the tech in their homes to support this so it would have to be installed, which could be expensive. Until that time, there are lots of places like gyms and offices that already have those card access controls and could implement wearable authentication like Kerv instead of ID cards."

Campbell sees this kind of technology as not only replacing PIN or password input, but also being used as a physical device to log into your PC or personal online accounts. Wearables like Kerv could also be used as standard in hotels in the future. NFC is currently being trialled to open hotel room doors and some chains such as W and Marriott have already partnered up with the Apple Watch.

"If you can open your room door with your mobile instead of a key, why couldn't you do it to your ring?" Campbell asked. "To manage a partnership with the Hilton would be great. Imagine it: you'd check in, go in and write room key to your ring. You could also use it to get into football stadiums, sports and music events; that's the goal."

For any of these ideas to really take off and replace the need for passwords, PINs and key cards, though, we need the underlying infrastructure to change. We're talking updated ticket vendors and turnstiles, as well as the gadgets in our pockets and on our bodies.

RFID chips and tech tattoos

The place of biometric measuring wearables in the authentication space is on the cusp of becoming more significant than a simple swipe of a smartwatch.

"Biometrics-based wearables could potentially provide a robust alternative to using passwords and PINs," said Kevin Curran, senior member at the IEEE and senior lecturer in Computer Science at the University of Ulster. "They could validate the identity of users by measuring unique physiological and behavioural characteristics of individuals."

A user could – in theory – choose from a large list of biometric identifiers, including finger, face, retinal scan, iris, vein, infrared thermogram, hand geometry and palm print. Or they could opt for a combination of all these identifiers, referred to as multimodal biometrics, making it much more robust against password thieves. In contrast with passwords and PINs, a biometric identifier cannot be lost, forgotten or shared.

"Behavioural, biometric based wearables are a step in the right direction," added Curran. "They are more than just a one-off identification process, as they would allow for ongoing monitoring of a person's behaviour, for instance, detecting things from the way someone types to the angle at which they hold their phone."

The Swedish co-working space Epicenter is beginning to experiment with something even more radical. Last year, it began trialling a more extreme solution to workplace security. Employees in the building were given the choice to have radio frequency identification (RFID) chips embedded into their hands.

The chips, which store personalised security information, can authorise access to office buildings, IT equipment and personal devices. While this scheme may be too extreme for most companies, subtler iterations – such as digital tattoos – could catch on as a futuristic and fuss-free security check.

MasterCard's big push

To get innovative hardware in the public domain, sometimes the best way is for a big corporation to get behind it; a company that can help turn these ideas from prototypes to useful products in our hands. The good news for the wearable payments industry is that financial services giant MasterCard is partnering with a range of wearable tech startups including smart fitness coach company Moov and smart ring maker Ringly.

Building on the success of Selfie Pay, MasterCard has also teamed up with Nymi, which has created a band that uses electrocardiogram (ECG) heartbeat recognition technology called HeartID to authenticate the user, and is specially designed with NFC capabilities.

The prototype band is linked to the pilot participant's MasterCard account. The user is then able to purchase items at participating retail stores in the US and Europe by holding the Nymi Band up to the tap-and-go terminal.

But Nymi is different to your average wearable.

"Nymi takes a very detailed medical level heartbeat ECG-type pattern and measures that against you, to know you are that very person that card belongs to, with no phone involved," MasterCard's executive vice president for identity solutions, Bob Reany, told us.

Reany explained that your heartbeat has the advantage of being an internal biometric that cannot be seen with the naked eye, and thus is not left behind in any way. So compared to a fingerprint, your heartbeat is very difficult to reproduce and is resistant to attacks like spoofing.

However, in order for wearable tech to lead the charge in the authentication arena, MasterCard said many current devices need to change a little first. The firm is adamant wearables acting as authentication devices will only strike a chord with consumers if people have no additional action to perform, or no specific effort or expense to go to, to wear and use one on a daily basis.

"We are looking for persistence and multi-function in devices," added Reany. "People are not going to put on something just to be their authentication device. Multifunction has utility to consumers, so those devices that have more than one function, like a watch or clothes. We don't want to make you do something new."

Not the silver bullet – yet

There are plenty of reasons why a piece of wearable tech might not work as a genuine password alternative. It might not be charged. You might forget to wear it. Your app might not be compatible at the venue you're trying to get into, or the shop you're trying to pay in.

"Wearables will play a crucial role in future security," noted Curran, "but they are not the silver bullet for the industry… just yet. They are a potential password killer but those released to date do not yet threaten to kill the password."


  • pkissel says:

    Great article! I've not seen this angle on wearable tech from other tech websites. It's a great use case for justifying a wearable (when the underlying infrastructure changes).

  • hitoshianatomi says:

    However nicely designed and implemented, physical tokens, cards and phones are easily left behind, lost, stolen and abused. Then the remembered password would be the last resort.

    And, in a world where we live without remembered passwords, say, where our identity is established without our volitional participation, we would be able to have a safe sleep only when we are alone in a firmly locked room. It would be a Utopia for criminals but a Dystopia for most of us.

    Incidentally, biometrics are dependent on passwords in cyberspace. So are multi-factor authentications and ID federations like password-managers and single-sign-on services. Passwords will stay with us for long.

    It is too obvious, anyway, that the conventional alphanumeric password alone can no longer suffice and we urgently need a successor to it, which should be found from among the broader family of the passwords (= what we know and nobody else knows).
