Good passwords are hard to remember while passwords that are easily remembered are often just as easily guessed. Therein lies the reason passwords are such a security headache. The race to replace passwords is ever-present in the security industry, and the newest entrant is the smart-watch.

“If the [iWatch] would do nothing but free me from having to enter pass codes, I would buy it even if it couldn’t tell the right time!” says Bruce Tognazzini, usability engineer and human-computer interaction expert.

Tognazzini is perhaps best known for designing Apple’s very first human interface. Yesterday he published an article on his personal blog exploring the possible applications of Apple’s rumored iWatch. The most interesting application, at least in the context of security, is the idea that the iWatch (or any smart-watch for that matter) could somehow replace the password.

His premise is basically that a good smart-watch should be designed with authentication in mind. The watch would communicate via Bluetooth or a near-field communication chip with smartphones, tablets, and computers, verifying the user, and circumventing the need for passwords as long as the device is within range.

For employers or individuals with more stringent security requirements, the smart-watch could be one step in a two-factor authentication process. Tognazzini reasons that watch-based verification systems could be more complex than that too, allowing for simpler authentication if the device knows that a user is in his or her office or home.

There are obviously barriers. Tognazzini believes that Apple or Google or anyone thinking about developing a smart-watch with authentication capabilities would need to consider ways of reestablishing authenticity after a watch has been removed (he suggest biometrics). Otherwise, Tognazzini warns that there could be a rapid rise in what he describes as “violent watchjackings.”

*iWatch prototype photo via  Brett Jordan‘s Flickr photostream, Creative Commons.

Categories: Mobile Security

Comments (4)

  1. Anonymous

    It might be too late to use a watch for this.  I haven’t worn a watch in, probably, 10 years.  In general, all the electronics around me tell me the time.  But, at a more personal level, my cell phone replaced my watch.  What needs to happen is that the cell phone platform really needs to be locked down tightly (security-wise).  Once the phone has confirmed your identity, you could use the phone to authenticate yourself to other computers.

  2. Anonymous

    This is the same issue the Smart Card was supposed to cure and it still gets down to cost, hardware and software. People won’t pay IT department budgets for this or any tech to rid us of passwords. Fingerprint readers are to closest to affordable but are not in common use, now if they were read by a high resolution phone screen or incorporated into the side of a phone then you might have something.

  3. Anonymous

    I see this as more of a personal-use device than for accessing corporate networks — unless BYOD is acceptable.  While many have stopped wearing watches because of their smartphone usage, they might start again if the iWatch were to provide smartphone capabilities — talk, Internet, apps, etc.  However, IMHO, the form factor would likely prevent the iWatch/DroidWatch from being functional as an Internet or app device.  Just having a watch to provide two-factor authentication and talk/text may not be worth the (likely exhorbitant) price.

  4. Ben Ayed

    The iWatch is definately the right move towards enabling the next wave of portable computing.

    Today, the major problem with portable computing – where the phone is the laptop/PC/workstation… – is a) device security (loss theft)  b) session security  (active session attack/user swapping)  c) usability (passwords 20-50 times a day)

    Secure Access Technologies .com has been working on this problem since 2008, and has several hardware and software tokens that provide a) Proximity logout b) Single sign on c) device security.

    We have been using Bluetooth keychains, badges and soft tokens running on smart phones.

    We welcome the iWatch as a new form factor. 

Comments are closed.