Kill All Passwords: PayPal sees future of vein recognition, smart tattoos and ingestible ID technology

Online money service Paypal wants to kill all passwords, replacing them with vein recognition, ingestible technology and computer chips tattooed to our skin.

In a presentation called Kill All Passwords, Paypal's global head of developer advocacy Jonathan LeBlanc outlined solutions which would replace the traditional written password, and go much further than the fingerprint scanners smartphone consumers are beginning to get used to. LeBlanc's aim is to use unique biometric data to eradicate false negatives - stopping valid users logging in - and false positives - allowing invalid users access to whatever is being protected.

LeBlanc sees technology taking a leap forward to "true integration with the human body," and says identifying people with external body parts such as their fingers and eyes is "antiquated." he suggests devices like brain implants and attachable computers which "put users in charge of their own security." Ingestible devices could be powered by stomach acid, which would run their batteries, LeBlanc said in an interview with the Wall Street Journal.

Internet users have a poor history of choosing short, weak and easy to guess passwords for all manner of online services, from personal websites, social media pages and email accounts, to financial services like their bank and Paypal. Many users opt for the same password across multiple websites, making it easy for a hacker to guess their way into the victim's digital life.Passwords can also be gleaned from background knowledge of the target, or by conning them into handing the password over, known as social engineering. According to the presentation, the most popular passwords of 2014 were '123456', 'password', and '12345678'.

"If there's a weak password you need to harden that with something physical behind it," LeBlanc said, suggesting an alternative could be a thin silicon chip embedded under the skin and which contains ECG sensors to monitor the heart's unique electrical activity. This data would be communicated via a wireless antenna to "wearable computer tattoos." Last year, Motorola announced temporary tattoos which could unlock its Moto X when the phone came into contact with them.

Alternatively, ingestible capsules could detect glucose levels and other unique internal features to identify someone once the data is beamed out to a receiver. LeBlanc said such data would be encrypted to prevent it from being hacked.

Paypal is actively working with partners to build vein recognition technologies, as well as heartbeat recognition bands and other prototypes of futuristic ID verification tools, mostly through 24-hour hackathons, where developers are given one day to come up with a solution to a technological problem. LeBlanc said: "I can't speculate as to what PayPal will do in the future, but we're looking at new techniques - we do have fingerprint scanning that is being worked on right now - so we're definitely looking at the identity field."

UPDATE: Since the story was published PayPal has contacted IBTimes UK to explain that it isn't directly working on these technologies at present:

"We have no plans to develop injectable or edible verification systems. It's clear that passwords as we know them will evolve and we aim to be at the forefront of those developments. We were a founding member of the FIDO alliance, and the first to implement fingerprint payments with Samsung. New PayPal-driven innovations such as one touch payments make it even easier to remove the friction from shopping. We're always innovating to make life easier and payments safer for our customers no matter what device or operating system they are using."