Could Smart-Watches Replace Passwords as Authenticators?

Good passwords are hard to remember while passwords that are easily remembered are often just as easily guessed. Therein lies the reason passwords are such a security headache. The race to replace passwords is ever-present in the security industry, and the newest entrant is the smart-watch.

“If the [iWatch] would do nothing but free me from having to enter pass codes, I would buy it even if it couldn’t tell the right time!” says Bruce Tognazzini, usability engineer and human-computer interaction expert.

Tognazzini is perhaps best known for designing Apple’s very first human interface. Yesterday he published an article on his personal blog exploring the possible applications of Apple’s rumored iWatch. The most interesting application, at least in the context of security, is the idea that the iWatch (or any smart-watch for that matter) could somehow replace the password.

His premise is basically that a good smart-watch should be designed with authentication in mind. The watch would communicate via Bluetooth or a near-field communication chip with smartphones, tablets, and computers, verifying the user, and circumventing the need for passwords as long as the device is within range.

For employers or individuals with more stringent security requirements, the smart-watch could be one step in a two-factor authentication process. Tognazzini reasons that watch-based verification systems could be more complex than that too, allowing for simpler authentication if the device knows that a user is in his or her office or home.

There are obviously barriers. Tognazzini believes that Apple or Google or anyone thinking about developing a smart-watch with authentication capabilities would need to consider ways of reestablishing authenticity after a watch has been removed (he suggests biometrics). Otherwise, Tognazzini warns that there could be a rapid rise in what he describes as “violent watchjackings.”

*iWatch prototype photo via Brett Jordan’s Flickr photostream, Creative Commons.
