Slashdot Mirror

← Back to Stories (view on slashdot.org)

Swallowing Your Password

Posted by samzenpus on from the eat-and-login dept.

HughPickens.com writes: Amir Mizroch reports at the WSJ that a PayPal executive who works with engineers and developers to find and test new technologies, says that embeddable, injectable, and ingestible devices are the next wave in identification for mobile payments and other sensitive online interactions. Jonathon Leblanc says that identification of people will shift from "antiquated" external body methods like fingerprints, toward internal body functions like heartbeat and vein recognition, where embedded and ingestible devices will allow "natural body identification." Ingestible devices could be powered by stomach acid, which will run their batteries and could detect glucose levels and other unique internal features can use a person's body as a way to identify them and beam that data out. Leblanc made his remarks during a presentation called Kill all Passwords that he's recently started giving at various tech conferences in the U.S. and Europe, arguing that technology has taken a huge leap forward to "true integration with the human body." But the idea has its skeptics. What could possibly go wrong with a little implanted device that reads your vein patterns or your heart's unique activity or blood glucose levels writes AJ Vicens? "Wouldn't an insurance company love to use that information to decide that you had one too many donuts—so it won't be covering that bypass surgery after all?"

6 of 118 comments (clear)

  1. Silly by Anrego · · Score: 5, Insightful

    The problem with this, and biometrics in general, is that there is only one you.

    You can't revoke your "vein pattern" any more than you can revoke your fingerprint. Using your same biometric information for everything has the same pitfalls as using the same password for everything, and you are just one sketchy gas station away from someone getting a copy.

    If you are going to implant something, why not implant a challenge/response system with a public/private key and strong cryptography, like you know, we've been doing on the internet with a good amount of success. A random very large number is just as good as any biometric information, and at least you can change it.

    1. Re:Silly by msauve · · Score: 4, Insightful

      And what happens when you die, and the executor of your estate can't get access to your records and accounts? Sure, there's legal authority, but good luck making things happen smoothly or timely.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
  2. same problem as with any biometrics by roc97007 · · Score: 3, Insightful

    This has the same problem as any exclusively biometric technique -- the user can be compelled to give up their "password" merely by being physically present. "Something you have" can be taken, even if it's your still-living (for now) carcass. "Something you have" should always be supplemented with "something you know".

    The summary rightly brings up privacy concerns but I'd also be concerned about the security of the transmitted data. Like RFID, the information can easily be snooped, and would have to be appropriately encrypted to be useful as credentials.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  3. bypass operation must be covered under ACA by Forever+Wondering · · Score: 3, Insightful

    The heart bypass operation must be covered under the ACA (aka Obamacare). Insurance companies can no longer discriminate based on pre-existing conditions and can no longer impose a lifetime coverage cap.

    That is not to say that the implant idea is a good one for a number of other reasons.

    --
    Like a good neighbor, fsck is there ...
  4. Re:Biometric honesty by Em+Adespoton · · Score: 3, Insightful

    Biometrics are only good so long as the device that reads your pattern is "honest." If you have to inject a device to read your biometric patterns, you could just as easily inject a device that pretends to read your biometrics, but actually copies someone else's.

    Or vice versa: you could ingest a device that pretends to use your biometrics for security validation, but actually copies your biometrics and broadcasts for someone else to spoof or collect for various purposes not approved by you.

    "biometrics" are only metric at the point they're being read -- the resulting hashes etc. are by no means biometric, and are instead a static constant to be used/abused by whomever.

  5. Bigger issues by s.petry · · Score: 2, Insightful

    The biggest issue is that people taut these implanted devices as "safer" than any other alternative. Most of us here can see through the gag, but when they market to the masses will your great aunt have the same ability to know? Perhaps not.

    Most here know that "Strong" authentication requires at least 2 of 3 (something you know, something you are, something you have) and not just one of them. Security experts prefer the something you have over something you are, because we can control and monitor that thing. Something you are can usually be forged easier than a Yubi/RSA key, because high grade biometric scanners are extremely expensive.

    IMHO this is just the latest crazy attempt to get people implanted. Let's not kid each other, that is the goal.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.