Log In With Your Heartbeat: The Nymi Band, Hands On

Biometric authentication has been around for years, but for the vast majority of computer and smartphone users, traditional alphanumeric passwords are still the way we secure our data and devices. Why haven't more secure methods like fingerprint readers, voice recognition and face recognition taken off and replaced insecure passwords like the "123456" that millions of us still use?

It's probably because, despite their promise of convenience and better security, many solutions are frustrating, inaccurate and sometimes even less secure than a strong password. Fingerprint readers, like those found on many business notebooks or smartphones, are incredibly convenient when they work—one swipe or touch and you're logged in. However, in reality, today's fingerprint readers are fussy, often taking multiple swipes to read a finger properly. They are also less secure than many people realize; a hacker recently faked a German politician's fingerprint by copying it from high definition public photographs of her.

Toronto-based Nymi (formerly Bionym) believes it has a solution that addresses the shortcomings of other biometric authentication methods. The Nymi band uses the human heartbeat as the unique credential for authentication by measuring a person's ECG (electrocardiogram), a signal that depends on the anatomy of the heart and which Nymi claims to be unique to each individual. Because it's an internal biological function, it's also a lot harder to copy or fake. The video below shows a hands-on demo of how the Nymi Band works:

After putting on the band, it's activated by placing a finger on the sensor. Once activated, if the band is removed (either by choice or by force), the authentication stops. The beauty of the Nymi is that once it is active, you don't have to perform any additional actions to identify yourself, such as swiping your finger. Any device that connects to the Nymi instantly recognizes your identity and lets you in.

The Nymi Band can also be used for more than just logging into a PC or smartphone. Nymi envisions it being used for physical space access, replacing key-cards for opening doors as demonstrated through its partnership with Brivolabs. It can also be used for always-on authentication when using mobile payment solutions, a function it's currently evaluating with MasterCard and the Royal Bank of Canada.

The band Nymi is currently shipping in its $150 Discovery Kit for developers is an attractive and unobtrusive device, but it will need to compete with watches, smartwatches and fitness bands for your wrist's real estate. We'd definitely like to see Nymi license out its technology so other OEMs can integrate it into other wearables. Unfortunately, we were told that this isn't a focus for the company right now.

In fact, Nymi has recently run into some difficulties, and since we met them at CES, there has been a change in corporate direction. Nymi was started in 2013 and has secured a good amount of funding, including $14 million last September. While it has shipped over 600 bands to developers, the planned fall 2014 release to consumers has come and gone. This is despite Nymi having taken over 10,000 orders on its website.

In December, Nymi announced that its band would now be available in early 2015. However, at the end of January a number of employees were let go, including its President, and it announced a strategic shift away from producing a product for consumers to a focus on enterprise customers and partnerships. Despite these changes, the company is still going to continue selling the Nymi Band Discovery Kit to developers on its website, and it remains to be seen how this change will impact consumers looking to get their hands on one. Nymi did just put up a blog post explaining why it hasn't been released to consumers yet.

From the brief demo we saw, we think that Nymi has an interesting solution for identity management. Hopefully, the company will be able to bring a viable product to market, although we still feel that partnering with someone to integrate the technology into a smartwatch or fitness tracker is going to be the best way to get this onto people's wrists.

Follow Alex Davies @alexbdavies. Follow us @tomshardware, on Facebook and on Google+.

  • Adilaris
    I'm really skeptical about this. ECG isn't really a set thing as far as I'm aware and a lot of variants can change it. If you're stressed, angry, taking new medication/sudden health issues? I'd have to see it in action by regular people to believe it.
  • Jim_L9
    Yes, I had cardiac changes due to a RBBB. My ECG changed and I wonder what would have to be done with the device in a situation like that. Could HR use the info to detect a cardiac issue and use that info against you?
  • Reepca
    *Having heart attack*
    *friend grabs my smartphone to call an ambulance*
    *"Heartbeat not recognized"*

    (Do smartphones allow emergency calls without signing in? I dunno, I'm not really a smartphone guy. In retrospect, they probably do. Meh, it makes for a humorous situation to look at anyway)