Next-gen security could see human embedded passwords

Password label

PayPal claims the future of security lies in human embedded chips for authentication rather than giving hackers the opportunity to guess obvious word and letter strings.

The company said even emerging tech such as fingerprint scanners - as seen on Apple's iPhones and iPads and Samsung smartphones and tablets - will be phased out alongside retina scanning technology before payment processing services like PayPal will even consider using them.

The reason? They create too many false negatives, so a valid user can't log in, in addition to false positives, allowing unauthorised users to log in.

The answer is authentication devices that can be ingested by humans, it claims. These devices already exist for a range of different medical applications including glucose detection, blood pressure monitoring and digestive health, but Jonathan LeBlanc, global head of developer advocacy at PayPal, has suggested it could be used as an identity validator too.

Another option is a brain chip implant that would allow humans to authenticate themselves to access services.

LeBlanc showcased a presentation entitled 'Kill All Passwords' which explores how passwords will be phased out in years to come.

He listed the most frequently used passwords, including '123456', 'password', '12345678', 'qwerty' and 'abc123', saying 40 per cent of people have a password included in the top 100 passwords list and 14 per cent have a password from the most used 10.

People use these obvious strings is because they often forget them, so want something easy to remember, he said.

"As long as passwords remain the standard methods for identifying your users on the web, people will still continue to use 'letmein' or 'password123' for their secure login, and will continue to be shocked when their accounts become compromised," he explained.

Update, 23/04/15:

PayPal has since been in touch with a statement to make it clear it has no plans to develop such technology itself.

A spokeswoman said: "We have no plans to develop injectable or edible verification systems. It's clear that passwords as we know them will evolve and we aim to be at the forefront of those developments.

"We were a founding member of the FIDO alliance, and the first to implement fingerprint payments with Samsung. New PayPal-driven innovations such as one touch payments make it even easier to remove the friction from shopping.

"We're always innovating to make life easier and payments safer for our customers no matter what device or operating system they are using."

Clare Hopping
Freelance writer

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.

Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.

As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.