Cybersecurity experts cite a golden trio of requirements for the utmost safety: something you know, like a password or PIN; something you have, like a smartphone or fob; and something you are, like a retina scan or fingerprint.
This is known as multi-factor authentication, but even a three-pronged approach could be vulnerable to determined hackers. Passwords can be stolen or snooped by cameras, or revealed through carelessness – in August, login details for computer systems at the UK Passport Office in Plymouth were visible on a flip-chart through a window.
Authentication tokens, often used by banks to generate a random code that is entered into a login system alongside a password, can be cloned or stolen. And even biometrics are vulnerable – deep fakes are threatening voice recognition, a high-res photo and a contact lens can fool iris scanners. In April, researchers armed with a 3D printer were able to bypass fingerprint scanners more than 80 per cent of the time, with a budget of less than $2,000 (£1,500).
Now a group of designers from the Royal College of Art believe that all three of the requirements for good multi-factor authentication can be met in one place – inside your mouth. Beren Kayali, Lu Ye, Paul Mendieta, and Lea Marolt Sonnenschein have created Stealth, a mouth wearable that can verify your identity by combining the three-pronged approach into one.
Following the “something you are” principle, Stealth scans and stores the pattern of the palatal rugae – the rough folds behind the teeth in the roof of the mouth. These are unique to individuals, even more so than fingerprints, which have sometimes been found to show repeating patterns across generations. The other benefit is that you’re less likely to leave your mouth print lying around – unlike fingerprints, which are left on objects that you touch, it can’t be lifted or copied after the fact.
The device is also designed to take advantage of the tongue’s unique sensitivity. It can deliver different sensations to the tip of the tongue – the user is then required to respond to specific sensations with a different gesture or movement of the tongue. This knowledge of which gesture matches which sensation – the “something you know” bit – is akin to a password no one can eavesdrop on.
The final benefit of Stealth, say its creators, is that it’s completely concealed. Unlike a smartphone or a fob that can still be monitored or stolen, it’s possible to use Stealth without anyone being aware of it – it connects wirelessly to your smartphone or other systems and sits in the roof of the mouth. It really is “something you have”. The team have applied for a patent for the technology and hope to spin it out into a startup in the coming months.
Amit Katwala is WIRED’s culture editor. He tweets from @amitkatwala
More great stories from WIRED
💡 2020 has been bleak but these 32 innovators are building a better future for us all
💬 All the ways Microsoft Teams tracks you and how to stop it
👟 Step out of the city with our pick of the best trail running shoes