Using your FitBit to login? Anything is possible


Did you know that each individual has a unique heartbeat? Researchers from the University of Toronto (Foteini Agrafioti and Karl Martin) have fitted a watch with an electrocardiogram (ECG) sensor to scan your heartbeat and compare it to a database of pre-recorded cardiac rhythms for a match. If successful, this can be used to authenticate the user for email, online banking etc. This is called Nymi, created in 2011 and has been successfully trialled by the Royal Bank of Canada and Halifax – Lloyds Banking Group. If this takes off, every smart watch may be used for user authentication (e.g. Fitbit)

The good: Seamless user experience, less reliance on passwords, works even during elevated heart-rate

The bad: False positives, man-in-the-middle attacks (from continuous authentication), competition against Apple Pay

The overall: Wearable technologies will disrupt the way in which we carry out our everyday tasks. Great competition in this area will hopefully result in a better overall experience for the end user.

For more reading:

3 thoughts on “Using your FitBit to login? Anything is possible

  1. It’s very clever but I am not sure I want to put everything into a fitbit-type thing. Presumably the receiving site has to have some sort of expected heart-beat for the wearer. How much data will that involve?


    • Thank you for responding! I think how it works is that you pre-record your cardiac rhythm which will be securely stored in the application server. Then, at the time of authentication, it takes a mini “fingerprint” of your heartbeat and compares it to the database. It won’t be recording all day so it shouldn’t involve too much data. It doesn’t have to be fitbit (that is just an example) but it can be any smartwatch (hopefully)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s