Passwords could be replaced by vein recognition, technology built into pills that are then swallowed, or direct implants into human bodies, according to PayPal.
Existing passwords are weak and easy to forget, and should be replaced by more secure methods, according to a presentation by PayPal’s head of developer advocacy, Jonathan Leblanc. Instead of being a series of characters that users must remember, those replacements would likely include keys that are eaten or implanted, he says.
Security experts have long worried that systems can be compromised as a result of the weaknesses of passwords, which mean that the wrong people can get in and other people can get locked out of their own systems. Some proposals to fix them have included biometric systems like eye scans, but Leblanc says that we will instead have our passwords integrated with our body.
Proposals include vein recognition and heartbeat analysis. The technology could also be built into pills that would be swallowed and then powered by our stomach acid — they would detect the chemical make-up in the stomach of a person, and other information, and check for whether they should be allowed access.
PayPal is working with companies to provide such technology including vein and heartrate recognition, Leblanc told the Wall Street Journal. It is also building other technologies with developers at 24-hour hackathons, he said.
PayPal isn’t necessarily going to adopt those technologies, since Leblanc’s role is more about leading thought than actual technologies, he said. PayPal said that it has "no plans to develop injectable or edible verification systems".
"It's clear that passwords as we know them will evolve and we aim to be at the forefront of those developments," the company said in a statement to The Independent.
Cyber security experts said that the proposed authentication systems pose problems of their own.
"These thoughts are not particularly revolutionary. Identification of dogs is already widely implemented in this style through microchipping them," said Eerke Boiten, director of the University of Kent Cyber Security centre.
"For people, this would run up to all the objections they have against ID cards and well beyond, as it would put them in a position where they would likely be unable to disallow, or even detect, being identified. This is already a known objection to biometrics such as facial recognition."
At the moment, users tend to set easily guessable password that can then compromise the rest of the system, no matter how secure it is. As Leblanc notes, 4.7 per cent of users have the password “password”, and 91 per cent of people have a password in the top 1000.
PayPal is part of the Fido Alliance, which is working to make passwords more secure. Other companies in the alliance include Microsoft, which is already working to kill off the password in Windows 10.