PayPal Looks To Kill Passwords With Embeddable, Ingestible Devices

A PayPal executive is highlighting next-generation biometric security techniques that rely on electronic implants or intestible capsules

PayPal is working with companies that want to replace passwords with biometric methods that are more advanced even than the fingerprint techniques becoming widespread today – and which could rely on electronic devices implanted under the skin or even ingested, according to a company executive.

While the company hasn’t committed to adopting such techniques, Jonathan Leblanc, PayPal’s global head of developer evangelism, has begun highlighting them in a presentation given at technology conferences in the US and Europe, called “Kill All Passwords”.

PayPal - Shutterstock - © Gil C

He told the Wall Street Journal that while some of the methods may sound “strange”, there are companies or start-ups behind every idea of product mentioned in the presentation.

The idea of dispensing with passwords entirely is backed by organisations including the Fido Alliance, of which PayPal was one of the founding members, and which counts Visa, MasterCard and many banks among its members. The group is examining ways of standardising biometric-based password alternatives.

For the moment, the fingerprint is the most commonly used biometric technique, being increasingly used to unlock smartphones, but Leblanc said such methods, which rely on the exterior of the body, are “antiquated”, and said the next step is to shift to internal functions such as heartbeat and vein recognition.

Some devices, including cash dispensers, already make use of vein-pattern recognition based on an external scan, but Leblanc said a more secure way of implementing the technique would be internal devices that would monitor heart activity, ingestible capsules that would detect unique features such as glucose levels or brain implants that would track unique brain features.

Physical security

“If there’s a weak password you need to harden that with something physical behind it,” Leblanc told the Journal.

Ingestible devices could be powered by a user’s stomach acid, Leblanc said. He said PayPal is working with companies that are building vein recognition and heartbeat recognition technologies, although for the moment these rely on external bands.

British bank Halifax, as well as Bank of Canada and others, are working with startup Bionym to test heartbeat-monitor bracelets for security.

PayPal is also working with developers on more advanced identification techniques and prototypes, mostly through 24-hour hackathons, he told the Journal. The goal is to “put users in charge of their own security”, he said.

Update

A PayPal spokesperson has said: “We have no plans to develop injectable or edible verification systems.  It’s clear that passwords as we know them will evolve and we aim to be at the forefront of those developments. We were a founding member of the FIDO alliance, and the first to implement fingerprint payments with Samsung. New PayPal-driven innovations such as one touch payments make it even easier to remove the friction from shopping. We’re always innovating to make life easier and payments safer for our customers no matter what device or operating system they are using.”

Are you a security pro? Try our quiz!