New Tools for Fighting ID Theft
How facial recognition and heart-rate scanning will become the norm for verifying your identity
En español | What if we had a key to our computers that was more secure than a password, something that no one could steal or replicate? We already do, and it's you. It's part of a science called biometric authentication. Technology companies are developing tools that use fingerprints, voice recognition, eye scans and facial recognition, and even a quick analysis of your physical behavior — the way you tap the keyboard or move your mouse — to serve as a gate to your accounts or an alert that an unauthorized user has gained access. Here's a look at some of the technologies soon to replace — or augment — your passwords.
Some flagship Android phones have been enabled with facial recognition tools since 2011, though the early software was insecure — a mere photograph of the correct face could often crack into accounts. Now, with Apple's Face ID for the most advanced iPhones and iPads, facial recognition has been rolled out en masse like never before, and it's more advanced and secure.
The popularity of this tech can be attributed to a simple factor: Nearly all devices today — phones, tablets, computers — have cameras. “A single image can be sent to our servers and then encoded into an algorithmic array of numbers to verify and do recognition on a face,” says Stephen Moore, chief scientific officer for Kairos, a leading facial recognition company.
In Sweden, A Chip Implant Eliminates the Need for Credit Cards, Cash
The day of having a microchip implanted in your body has arrived. In Sweden, thousands of citizens have implanted this tiny tech that can exchange data using signals, eliminating the need to carry keys, passes and credit cards. The chip can also store data, like your contact details and blood type. The chips are no bigger than a grain of rice and are inserted with a needle into the hand, usually between the thumb and index finger.
At Epicenter, an innovation center in central Stockholm, many on-site workers have microchip implants. “I use it to open doors, to operate the printer and to buy stuff,” says Per Söderström, 63. “I don't want to carry around all my keys and credit cards as well as cash,” he adds, as he grabs a can of Coke out of a vending machine, a transaction he completed by swiping his hand across a card reader.
To some, this may be the ultimate security: An implanted chip can't be lost or stolen. But risks remain. “Chips can be hacked,” Söderström says. “For instance, someone who has an NFC [near-field communication] reader on a cellphone could place it against another person's chip and read the information off it."
Hannes Sjöblad, founder of the chip implant design agency DSruptive.com, says it is possible to hack or copy a microchip, but “this is not in any meaningful way different from someone hacking or copying a door badge.”
But Ben Libberton, a science communication officer, has reservations. “My main worry,” he says, “is that we're becoming more and more willing to sacrifice privacy for convenience."
The downside? Not all companies are scrupulous about who they'll share or sell your data to. Last year, for example, Amazon pitched its facial ID tech to the U.S. Immigrations and Customs Enforcement, raising concerns about security. As companies make deals with the government, cops can run facial identification scans on people driving down the road or walking by on the street.
The way you use your devices — the precise way you swipe at your smartphone screen, the angle at which you hold it, your typing speed, how you move your mouse, and even the way you scroll down a screen — is unique to you.
Track this over time, and patterns of behavior emerge. Some cutting-edge apps and websites can track your computer behaviors as a means of continuous authentication. “When you log on to a site, you're jumping through a single hoop to get authenticated with a password,” says Jordan Blake, vice president of products for BehavioSec, a behavioral biometrics company based in San Francisco. “After that, they tend to leave you alone; there's not really additional authentication. With this next generation, instead of one secure door at the beginning of a session, we continue to watch you the entire time.”
This technology is particularly sophisticated on smartphones, which have gyroscopes that can measure how you hold your phone, screens that respond to varying pressure from your fingers, and accelerometers that can measure whether you tend to walk or sit while interacting with particular sites.
You ring up a call center. On the other end of the line, there's an operator, but there's also a computer analyzing your voice as you ask to access your account; the sound of someone else's voice would trigger a warning to the system. This technology is being used by banks, medical groups and telecommunications companies.
Beyond protecting your accounts from unauthorized people, voice authentication also benefits the legitimate caller. “It's convenient because you don't have to provide all this personal information to agents on the phone — giving your birth date, mother's maiden name or a PIN,” says Roanne Levitt, director of product management for Nuance Security and Biometrics, a global company headquartered in Burlington, Mass., that develops voice authentication software.
Your heartbeat's electrical rhythm is unique to you, whether you're sitting still or taking a brisk walk, meaning that an electrocardiogram scan could authenticate your identity. ECG monitors are being incorporated into watches and wristbands, which can communicate with other devices via Bluetooth.
AARP’s Fraud Watch Network can help you spot and avoid scams. Sign up for free Watchdog Alerts, review our scam-tracking map, or call our toll-free fraud helpline at 877-908-3360 if you or a loved one suspect you’ve been a victim.