Do you have trouble remembering your many passwords? The former head of the Pentagon's next-generation
group is working on a solution: a temporary tattoo or a pill, either of which take the place of a password.
At a technology conference in California this week, Regina Dugan, now head of the advanced technology and projects group at Google-owned Motorola Mobility, mentioned two research and development projects under way at the company. In one, a tattoo with an electronically generated bar-code-like image is placed on someone's arm. She displayed an example on her arm, with the tattoo applied via a transparent sticker.
The tattoo -- actually, "sticker" might be a more accurate label -- includes sensors and an antenna that can recognize your devices, after which it sends out an authenticating signal. The tattoo technology is made by a Cambridge, Mass.-based company called MC10, with which Motorola is partnering. MC10 specializes in products that utilize its stretchable circuits.
But perhaps a tattoo, even a temporarily-applied one, might clash with your summer wardrobe. Dugan, who headed the Defense Advanced Research Projects Agency from 2009 to 2012, has another, tattoo-less project in the works for password-challenged users -- a pill.
This authentication pill includes a small chip, and it derives its power from electrolytes inside one's stomach. The pill generates an 18-bit signal, which acts as the authenticator. It's not yet clear on what frequency cycle the pill would need to be ingested. According to news reports, the pill has been approved by the U.S. Food and Drug Administration.
To assuage all who worry that Google is driving us toward a pill-taking, tattooed future, Dugan assured the gathered audience that Google has promised that, if and when such technology actually emerged into the consumer or business marketplace -- something that could take years to happen -- tattoos or pills would remain optional choices for authentication. For Dugan and Motorola, by the way, both of these projects fall under the heading of wearable computers.
Brad Shimmin, an analyst with industry research firm Current Analysis, noted that these solutions are attempting to address two separate problems -- the security of passwords for logins, and the need for users to remember or keep track of multiple passwords.
On the first score, Shimmin questioned whether either the tattoo/sticker or the pill increased security, since their signals could potentially be detected by nearby hackers, or the login credentials otherwise grabbed in some way, such as by hacking a database of passwords. He wondered why either of these was more secure than, say, two-factor authentication, where a user logs in with a user name and password, and then a second password is sent by the system to the user via another channel, such as a code sent to the user's phone. The second password is then entered, to complete the authentication. If tattoos/stickers or pills were used, they could become the second factor.
Shimmin also pointed out that it would seem to be "safer to have multiple passwords" for separate accounts, including multiple two-factor logins, so a successful hack would only jeopardize one or a few accounts.
The other driver in new password systems is the hassle factor of remembering multiple passwords. Shimmin noted that biometrics could make a comeback, with better systems and wider usage this time around. Biometrics, using such built-in biological identity as fingerprints or voice prints, could also become a second factor without requiring users to keep a sticker on their arm or a pill in their stomach.