I’m logging into Facebook when that pesky window pops up, alerting me that the website has sent a pin number to my cell phone and requiring that I enter it to ensure I’m not a hacker. But this time, instead of digging around for my phone so I can painstakingly enter in each digit, I turn my hand as if unlocking a door. As if by magic, the digits appear on my screen. I’m in.
This bit of wizardry is the doing of the Motiv ring, a fitness tracker turned security device that sits on my finger every day, monitoring my heart rate and counting my steps as well as providing two-factor authentication (2FA) as I traipse across the web. While the ring launched in September 2017, these security features are new–and indicate the latest step in the ever-elusive quest for human-centered security.
Right now the ring can fill in 2FA for you, but Motiv aims to one day replace your passwords entirely with just a gesture. “In the security realm, this ring will become your connection from your physical self to your digital presence,” says Motiv’s CEO, Tejash Unadkat.
Motiv’s new security features integrate into a security protocol called WebAuthn–a set of digital rules that will enable internet-connected devices, websites, and browsers to use biometrics as authentication. WebAuthn was created by the same organization that established 2FA across the web, and it’s showing promise: Firefox, Chrome, and Microsoft Edge have all signed on to use the standard. The Motiv ring is the first wearable ring to be certified. If and when the standard is more widely adopted by every app and website you use, your Motiv ring could unlock all of them.
But that password-free future is still far away. For now, 2FA remains the best way to keep your accounts safe, so automatically filling in those pesky pin numbers for you is Motiv’s main security draw, with the possibility of WebAuthn on the horizon. So far, the ring is compatible with a small list of very prominent sites, including Google, Facebook, Twitter, Amazon, Dropbox, and Salesforce, though the company says the number will grow.
What happens if you lose your ring? For that, Motiv has developed another layer of security to ensure that it’s actually you wearing your ring. Called “Walk ID,” the ring measures your gait, something research has shown can be used to accurately identify people. During set up, the ring requests that you walk around with it for about five minutes so it can learn how you walk. Then, every time you take off the ring and put it back on, you walk around for a few minutes to show the ring that it’s really you. Then, the app sends a notification to let you know that you’ve been authenticated via Walk ID, within 99% accuracy.
To test out Motiv’s promise, I donned a ring for a few weeks. But using it wasn’t as easy as it initially seemed. Two-factor authentication is a security necessity, but it was a lot of work to go through each security setting again and link it to my Motiv ring. Often it didn’t work and the wrong pin would appear when I made the gesture. I couldn’t figure out when the ring was linked and when it wasn’t. Sometimes I was stuck turning my hand over again and again until my arm got tired, with no guidance about what had gone wrong. The set up process was so cumbersome that it was difficult to see why anyone would go to the trouble. And while I recorded a Walk ID signature, I couldn’t tell when I was supposed to walk around to authenticate myself, and ended up turning the feature off.
Right now, Motiv’s ring might make sense if every account you use on a regular basis is set up to require 2FA on every login, or even on every session. I certainly don’t have my accounts set up that way. On my personal computer, I mostly remain logged in to the websites I use frequently. While I recognize that 2FA for every session would be the most secure way to set up my accounts, I have sacrificed security for the sake of convenience because 2FA is such a hassle and interrupts the flow of my work. But with the number of security breaches rising, having 2FA always on is certainly the smartest, most secure way to be online.
If it really was as simple as twisting my wrist a few times every time I wanted to log in to a site, would I actually set up all my accounts to require 2FA with every visit? Maybe. But before that happens, Motiv has a ways to go in terms of reliability, user experience, and ease of set up. After all, if it doesn’t work, you could get locked out of your accounts, and that fear eventually stopped me from trusting the ring.
Still, given the sheer number of security breaches–Facebook just this month compromised 30 million accounts–we do need a user-friendly solution that will make it easier to bolster our own security where we can. If Motiv gets its way, it could one day be as easy as a twist of the wrist.