A Rutgers-led team recently unveiled VitalID, an authentication method that reads tiny vibrations from your breathing and heartbeat as they resonate through your skull — a biometric tailored for VR/AR.
This new invention joins a long list of ideas — from swallowable microchip pills to body odour detectors — that were meant to replace passwords.
Cybersecurity experts at password manager company NordPass have traced these attempts and compiled a report. Digital Journal reviews the key findings.
Bizarre passwordless experiments
Below are some of the strangest and most interesting authentication methods that have been proposed.
The password pill
In 2013, around the time Apple’s Touch ID launched, Motorola unveiled a striking prototype — a swallowable authentication pill containing a tiny chip powered by stomach acid. The device produced an 18‑bit, ECG‑like signal that effectively turned the user’s body into an authentication token. It never advanced beyond demos, largely because it felt more like surveillance than authentication, and because Touch ID offered a simpler, far less invasive alternative.
Electronic tattoo
At the same 2013 conference, Motorola also showcased a temporary password tattoo — ultra‑thin, flexible circuits that adhered to the skin for on‑body authentication. The demos were unforgettable, but the concept stalled due to practicality, privacy, and adoption hurdles — users had to replace the tattoo weekly, or it stopped working, making it more cumbersome and costly than passwords. Notably, while that authentication concept faded, similar flexible electronics now power consumer products such as adhesive baby thermometers.
Bone-conducted skull signatures
Researchers have repeatedly explored using the way sound travels through the skull as a unique biometric, from early “SkullConduct” work to recent systems like Rutgers’ VitalID. The core idea is simple — your skull’s acoustic response can be as distinctive as a fingerprint. It’s a clever concept, but so far it has remained largely at the prototype stage because it’s impractical to rely on a head‑mounted device every time you log in. However, VitalID may be on the right track by focusing on virtual and augmented reality environments, where users already wear a device on their heads.
Heartbeat recognition (ECG)
Devices like the Nymi Band use a person’s unique heart rhythm as a biometric signature. Because no two ECG patterns are identical, the wearer can authenticate simply by being near authorized devices. This is one of the few experimental methods that actually reached the market — but it remains niche, designed for B2B and research scenarios where staff must authenticate to equipment beyond standard computers (it requires both an ECG bracelet and a compatible reader plugged into a machine). For the mass market, it is still too costly and impractical.
Vein pattern mapping
This method uses infrared light to map the unique vein patterns beneath the skin, typically in the palm or fingers. It is already deployed in high‑security environments such as laboratories and data centers, as well as for patient identification and secure access to electronic medical records (e.g., Imprivata PatientSecure). Like ECG bracelets, however, it remains impractical for mass‑market use because it requires specialized sensors or additional hardware on smartphones and computers.
Lip-reading software
Researchers have developed systems that identify users based on the unique way they mouth specific words or phrases. While the technology is now relatively mature, it is used more often to support solutions for people with hearing impairments and for forensic analysis (e.g., extracting speech cues from silent CCTV footage). It could be applied to authentication, but it remains impractical — most users won’t want to mouth passphrases at a computer or phone every time they log in.
Ear shape, heartbeat, gait, and odour
Over the years, various academic teams have tested everything from ear morphology and gait to body odour and body proportions as identity signals. While these traits can be distinctive, they struggle with reliability, sensor availability, and user acceptance, which is why you don’t scan your ear or authenticate by aroma at the office door.
Potential alternatives to passwords
While only a handful of biometrics, primarily face and fingerprint, have become everyday tools, there are other potential alternatives to passwords. Passkeys, a phishing‑resistant login method built on on‑device biometrics and supported by technology heavyweights, are progressing in the same direction, but their adoption is slower than expected.
Fingerprint login became mainstream in 2013 and face scan in 2017, driven primarily by Apple’s introduction of Touch ID and Face ID. These technologies succeeded because they are simple to use, fast, built into phones and laptops, and work offline on the device.
Passkeys have the potential to become the dominant form of authentication because they are based on existing technology that is already built into nearly all modern devices and that solves the password problem.
The report recommends using passkeys wherever they are available. Everywhere else, use long, unique, randomly generated passwords stored in a password manager.
