Everyone knows the struggle that comes with personal passwords. Security experts advise us to use lengthy and complex passphrases with a combination of alphanumeric characters and symbols that cannot be easily guessed. Yet it seems extremely difficult to heed these warnings, as it’s known our short-term memory can only hold about seven items at a single time. Thus despite these cautions, many of us end up with a password that it is much easier to recall such as CAT1234 than a password that is more secure such as Ci7#km$6. When working in combination with the vast amount of logins that are required of us, from our ATM pin, to our email, to our supermarket rewards card; it becomes practically impossible for us not to fall back on CAT1234 and DOG1234 as our go-to logins for every outlet. Yet experts stand firm that length, complexity, variation and variety are essential for personal security and some websites even require us to change our passwords frequently in an effort to elude cyber criminals. This can in-turn cause more frustration to the user who has trouble remembering this difference between last month’s password and this month’s login. With the popularity of the password at an all time low, many technologies are experimenting with ways to surmount this hurdle.

Bionym recently released a video highlighting their latest device named Nymi, which proposes a solution to our password woes. The video showcases the new wristband product Nymi that claims to be able to identify an individual based on their heartbeat. The technology boasts the promise of secure and continuous authentication using your cardiac rhythm and even features an integrated motion sensor, which could in effect, promise a secure transaction with a simple swipe of your wrist.

We’ve seen attempts like this before with fingerprint and retinal scanning technologies but developers at Bionym say the peaks and valleys of an individual’s heart signature are more difficult to imitate than external features. Still, the technology raises some security concerns:

Signature Variation – Perhaps the user was to develop a heart arrhythmia or be affixed with a pacemaker effectively changing that individual’s heart signature. Would these actions render the device inactive? Or in such a scenario can the device be reprogrammed? If so, the reprogramming feature it would seem, could open the device up to threat of theft.

Cloud Access– Then there’s the issue of the initial device set-up. To access a device users touch the top of the wristband for a few seconds while Nymi cross-references the heartbeat. Once authenticated, the system communicates via Bluetooth to an app running on a designated device. Is the digital profile that is benchmarked as your heartbeat copied somewhere? Does this mean your heartbeat could be stolen over Bluetooth? It’s a little bit scary to think about.

One Size Doesn’t Fit All – Finally, this technology seems to violate the secure password laws of variety and variation. Without an illness or ailment it would seem your password would remain the same and that it would be the same password for all devices, opening up the possibility for a hacker to access every one of your accounts if they were somehow able to access your electrocardiogram signature.

While the idea of a wearable heartbeat password seems novel, it is not without its faults. Depending on the outlet one wishes to access, a heartbeat signature may seem like overkill. However, when we consider the more valuable assets at stake like our bank accounts and in the corporate world, government data and assets that if exposed, could threaten our national security; the security of a device needs to be airtight. Due to the vulnerabilities that come with variable heart signatures dependent on a user’s health and the dependency on Bluetooth technology it seems this device is better suited as an option for a second level of authentication rather than a primary all-in-one password solution.