Another alternative to passwords is about to get a look. A company called EyeLock will soon release a $280 device for home and work PCs that lets you glance into a camera to log in to websites and desktop software or to unlock your computer.
The device, called Myris, uses the unique pattern of your irises to verify your identity. Its record of what your irises look like is stored in encrypted form in secure hardware inside the device, which can store credentials for up to five people.
At first the Myris will be sold as a stand-alone device in retail stores, but the technology will also be built into future laptops through a deal with a Taiwanese company that manufactures PCs for HP, Acer, and other major brands, says Anthony Antolino, who leads business development at EyeLock. The company will announce specific brands that plan to integrate the technology before the end of the year, he says.
Testing out the Myris suggests that the underlying technology works well but is unlikely to catch on until it is built into our devices. Having to use an add-on device compromises the convenience of logging in with your eyes and is impractical unless you always use your computer in the same place.
The Myris is a squat, palm-sized cylinder that connects to your PC with a USB cable. Its underside has a small mirror in the center with a small camera lens next to it. Any time you meet a login screen after the device has been set up, you hold up the Myris in front of your face so that both eyes are visible in its mirror. A few seconds later, a green ring lights up to signal that you’ve been recognized, and the device’s companion software will log you in without your having to touch a key. You can do that for websites, for desktop applications, or to log in to your user account on a computer.
EyeLock uses infrared LEDs to illuminate your face with invisible light, by which an infrared-sensitive camera captures video to inspect the texture of your irises. The company says its technology reduces false positives by a factor of 30 relative to the fingerprint reader in Apple’s mobile devices, and that it can distinguish a real eyeball from an image of one. EyeLock already sells iris recognition devices for access control to buildings; its customers include Bank of America.
Setting up the Myris is easy. When you plug it in for the first time you are prompted to install the companion software, which can integrate with the Chrome, Firefox, Internet Explorer, and Safari browsers. Whenever you log in to a website—say, Facebook—the software will ask if you want the Myris to store those credentials. Next time you visit the site, you can pick up the Myris and log in with your eyes instead. You can’t be wearing eyeglasses when you register your eyes with the device for the first time, but you can leave them on any time it needs to recognize you after that.
I didn’t try out the Myris for an extended period, but the technology seems to work as promised, and I can see that it can be more secure than typing passwords or even using password manager software such as Dashlane or LastPass. But it seems less convenient. You have to look down and pick up the device, then hold it in front of your face for a few seconds while it recognizes you. That’s why the technology would be much better if it were built into laptops or other devices. Being able to move your eyes to the top of your screen to authenticate could offer the convenience needed to get people to adopt it.
However EyeLock fares, we should expect iris recognition to become more common even than fingerprint biometrics, according to Kevin Bowyer, a professor at the University of Notre Dame. Although initially slower to develop, the technology has matured and offers significant advantages, he says: among other things, it is more accurate than fingerprints and easier to use.