Using Your Fingers Instead of Passwords

By Kendra Srivastava

Tablet owners may soon unlock their devices using biometric sensors, as security technology progresses beyond traditional passwords.

Napa Sae-Bae, a graduate student at the Polytechnic Institute of New York University, is creating an iPad app to verify users' hand shape and finger length. Sae-Bae's biometric analyzing algorithm has already yielded a 90 percent accuracy rate, suggesting her innovation may have widespread application when it debuts in a year.

This project improves on Sae-Bae's existing tablet app, which unlocks iPads in response to hand gestures like palm rotation.

"Unlike gestures, fingerprints are physiological physical traits that you can't change," she explained about her current research. "There's the feeling that these are supposed to be secure and private."

Biometric identification research like Sae-Bae's may revolutionize the mobile industry if it succeeds, as consumers demand new and better ways to protect their data against hackers.

A hospital in Canada already uses fingerprint scanners to verify doctors' identities, allowing them to reach medical records with one swipe rather than entering long passwords.

Fujitsu, a Japanese company, is developing another kind of biometric sensor called PalmSecure that recognizes users' vein patterns instead of fingerprints or hand length.

The company maintains that hand veins never change, while fingerprints and other external hand features may fade or scar over time.

Echoing Fujitsu's logic, researchers at the National Chung Hsing University in Taiwan are building heartbeat scanners to identify mobile phone and tablet owners. Every person's heartbeat is unique, making this biological marker an ideal password.

These seemingly foolproof innovations are designed to prevent the increasing incidence of hackers stealing or cracking personal and company passwords. Recent hacks against worldwide governments and corporations suggest no traditional password is safe, not even those at the Pentagon or FBI.

Despite the danger, many mobile phone owners and IT departments still use convenient security codes like "password1" or "1234," leaving them easily susceptible to malicious intrusions.

But while a palm or retina-scanning app may end the need for such passwords, this technology could also backfire.

For example, the facial detection system on Samsung's Galaxy Nexus is easily fooled by a picture, negating its usefulness as a security tool.

Biometric identification may discourage today's hackers more effectively than traditional passwords, but like any security tool it will likely challenge a new breed of hackers to twist it for their purposes.

iPads could scan palms for passwords

By Matt Liebowitz

Like palm-activated ATMs and retina-scanning smartphones, tablet computers like the iPad may soon authenticate their rightful users by reading the unique movement of their hands, not their passwords.

Napa Sae-Bae, a doctoral student at the Polytechnic Institute of New York University, is working to build an app that, using multitouch sensors, will biometrically authenticate tablet users' hand gestures. Her goal, she told NextGov, is for the tablet device to recognize its owner's specific biological traits — their hand shape and finger length, for example — and use those unique characteristics, which do not change, to replace passwords, which run the risk of being cracked.

Although she says it will be at least a year before her app is ready, Sae-Bae has already developed an iPad app that asks users to make gestures on a touch screen, such as rotating an open palm and opening a closed fist, in order to verify their identity. The hand sensor technologies she's using are currently available and already used, in different capacities, on iPads and Android tablets.

She also built a biometric-analyzing algorithm that will be the technological basis of the app; in experiments with 34 people, she achieved a 90 percent accuracy rate in authenticating the hand movements made by each participant, NextGov said.

Sae-Bae's work falls in line with other advancements in biometric authentication that have made headlines in recent months, both for the consumer market and for the government. As part of its human measurements and signatures intelligence (human MASINT) program, the U.S. Air Force has expressed interest in developing security cameras that can detect a suspect's age and ethnicity, and even whether that person is a terrorist smuggling a bomb.

Last month, a Japanese bank announced that beginning in September, it would equip 10 ATMs with biometric sensors that read customers' palms for identity verification.