Security in a Heartbeat: Texas Tech Researcher develops “cardiac password”

From passwords, thumbprints, retina scans, to facial recognition, there’s no shortage of identity authentication features for phones and computers. But Changzhi Li, a researcher from Texas Tech University, envisions an even more intimate security method: a “cardiac password” which can identify users by their heart waves.

Existing security measures are vulnerable to cyber-attacks. Hackers have consistently proven their ability to hack passwords and use fake thumbprints to gain unauthorized access and penetrate existing security defenses. Countermeasures for increased cyber security, however, are often invasive and inconvenient, such as requiring users to continuously re-log in or re-scan their thumbprints every few minutes. Instead, the project, developed by Li under Wenyao Xu from the University of Buffalo, seeks to create a method that is both secure and user-convenient.

Theoretically, the “cardiac password” would work similar to a police radar that measures the speed of a car but instead measures the speed of a heartbeat and how that movement changes over time. Xu said, “No two people with identical hearts have ever been found.” Building on the assumption that each person has his or her own unique heart and waveform, the “cardiac password” involves releasing a radio frequency signal to measure and authenticate the user’s signature heartbeat. When the user walks away from the computer or if another person attempts to log in, the device would automatically lock down.

The “cardiac password” would not be invasive since it would continuously authenticate the user without the user’s active participation. Li explained, “This system does not ask people questions or require us to do anything like type in a password or do a finger scan or face scan. You just do whatever you want to inside your office, and the system sends out a signal to check out your cardiac waveform without letting you know it is doing it.” The signals would also be less powerful than Wi-Fi and the radiation from cellphones and therefore, would not pose a severe health concern.

This project is still in its development stages. The team is currently testing different sensitivity devices and hardware that could be used for the “cardiac password.” From there, Li would better assess the feasibility of the project. He also recognizes that the project would need to account for signal changes in the user’s heartbeat, such as aging or pacemakers. Li and Xu hope the “cardiac password” would one day be used for computers, cell phones, and even in airport identification.

Are you also engaging in R&D experiments to develop new cyber-security measures? Did you know that If you conduct your R&D projects in universities, you could receive up to an additional 20% credit for your expenses? To find out more, please contact a Swanson Reed R&D Specialist today.


Swanson Reed regularly hosts free webinars and provides free IRS CE credits as well as CPE credits for CPA’s.  For more information please visit us at or contact your usual Swanson Reed representative.

Recommended Posts