Thursday, January 4, 2018

World without remembering passwords

The technology I am going to describe is based on biometrics, with more research to make it more robust. First, you need to have a wristband, watch or health band on your hand. This band will identify its owner based on biometrics like the colour of your skin, complexion, grip of your hand, hair on your hand, length of hair as it grows, thickness of hair, distance between two hair strands, position of hair strands, pulse in your hand and new biometrics which can be tested on your hand. In the future, I hope they scan your DNA.

First we will consider the offline scenario. When you are configuring Microsoft Windows, you first need to sync it with the Microsoft watch (hopefully soon). Once you are done, there will be a password generator app in the watch as well as in Windows. It will generate a password which will change every 2 minutes, with a different algorithm for different users. You can update and change password generators at any time, but you can only update both at the same time, to keep them in sync. So every time you want to log in, open the Microsoft app in the watch and ask for a password. It will check your biometrics and, if they match, it will generate a password and give it to you. Log in.

Online is much better, because you don't need to worry about whether the password generator hardware is broken or not. In the future, maybe there will be a common password generator for mail, Internet banking and so on: you install the app in your watch and click your intended option, like Hotmail; it checks your biometrics and generates a password, same as before. You can also make entering this password automatic, with no need to enter it manually. Even if you lose your watch, nobody can use it. You will be well aware if you have lost the watch, more so than with cellphones.

You can check the liveliness of your hand, whether it is live tissue or a fake substance, video or whatever, by asking the user to press the top of the watch at a point displayed by a compass on the screen. The compass will point to different points on the circumference during each check. Capture the picture and the video to check the liveliness of the hand.
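The offline generator described above (watch and Windows kept in sync, password changing every 2 minutes, released only after a biometric match) can be sketched as a time-based one-time password. This is an added example, not part of the original post: it swaps the post's "different algorithm for different users" for one public algorithm (HMAC-SHA256 over the time step, in the style of RFC 6238) with a different secret per user, and the function names, 8-digit length and sample values are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 120   # the post's rotation interval: a new password every 2 minutes
DIGITS = 8           # assumption: length of the displayed password


def rotating_password(secret: bytes, now: float) -> str:
    """Password for the 2-minute window containing `now` (RFC 6238 style)."""
    counter = int(now) // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, as in RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, candidate: str, now: float, drift_steps: int = 1) -> bool:
    """Windows-side check: accept the current window and `drift_steps`
    neighbouring windows to tolerate clock skew between watch and PC."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = rotating_password(secret, now + delta * STEP_SECONDS)
        # constant-time comparison, and no early exit from the loop
        ok |= hmac.compare_digest(expected, candidate)
    return ok


def watch_request(secret: bytes, biometric_ok: bool, now: float):
    """Watch-side: release a password only after the biometric check passed."""
    return rotating_password(secret, now) if biometric_ok else None


if __name__ == "__main__":
    shared = b"constructed-demo-secret-set-at-sync"   # constructed sample value
    t = 1_515_024_000                                  # constructed timestamp
    pw = watch_request(shared, True, t)
    print(pw, verify(shared, pw, t + 90), verify(shared, pw, t + 600))
```

The per-user secret agreed at sync time is what must stay private on both devices; keeping the algorithm itself secret adds nothing once the secret is protected.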

If you say that it is possible to hack a watch, let's make the watch simply a device to get your biometrics; it can work only online. Whenever you need a password, your device will take a picture of your hand and collect liveliness data. It simply sends the data to the server. The server holds all the biometric data. You can't hack a server that easily. It gets the hardware-software combo information of the watch, which will itself change every 10 minutes and which reveals nothing about itself to the user, along with the biometrics. This information is a combination of software and hardware. This software uses thousands of algorithms, which change from watch to watch and from time to time. So the server compares the biometrics and the encrypted hardware-software combo info with the server data and sends you a password, which will last only 10 minutes. Even if you bypass this, which is impossible, I guess, the server will first send a beep signal to the watch whenever a login happens, and only if you press a button on the watch will the login happen.

We can even set how long a login lasts before the session expires. If you set half an hour, a small drop-down box appears every half hour and asks for the current password. If you fail to provide the latest password, it will log you out. Also, if you want to change a setting, like the time limit for logout, you have to enter a new password, and this will be generated immediately without waiting for 10 minutes. I think asking for the password again is already an existing procedure. The only difference is that a new password is created.

So basically, there is always a race between hackers and software producers. Whoever runs ahead will be the winner. If you are complacent and stand in one place, certainly one day hackers will run ahead of you. Software should always evolve with time. No technology is unbreakable beyond a certain time.

Suppose the military wants to use this technology, and you are caught in enemy territory with this watch. You have to utter a code (whatever you set), like AFD25, and it will permanently lock the watch. Microsoft can even develop custom watches with this technology, which look like ordinary or luxury watches, for a premium fee for different needs, as required.

Tuesday, January 2, 2018

Instant Banking

In this idea, we can explore a new concept with currency notes, never before tried in banks. Here, a customer who wants to deposit a small amount of money, from 100 rupees up to 10,000/day, can use this facility. The amount to deposit should be a single note (notes of Rs. 100, Rs. 200, Rs. 500, Rs. 2000). A single customer can deposit up to 5 notes in a day.

First, the customer has to install the Mobile Banking App on a cell phone. The Mobile Banking App will have all the details of the customer's account. In that App, a new option for scanning currency notes has to be provided. The App scans the currency note the customer wants to deposit. The App will take a picture of the currency note and read the currency note number. It verifies the note number by asking the customer for confirmation. The currency note's picture and number will be sent to the bank's central database.

After this, the customer should go to the bank and simply deposit the currency note in a specially designed Currency Collector Machine. This machine will receive currency note numbers from the central database, updated every 5 minutes. When a customer feeds in the currency note scanned in Mobile Banking, the Currency Collector Machine simply scans the note and checks that the note is not fake and not damaged. Then it checks whether a match is found in the database and displays the name of the account holder on the display attached to the device. If the name is correct, the customer presses the OK button. Then the transaction is approved and a confirmation slip with the account number and a transaction number is ejected. The customer takes the slip and leaves. Once the transaction is approved, the currency note number will be deleted from the bank's central database and the note can be recycled for future transactions. If for some reason the currency note did not match (the only criterion for approval), the note is ejected and returned to the customer. Fake notes can be confiscated. Once approved, the account will be updated with the money deposited within 5 minutes. Approval will be sent by SMS to the account holder's cell phone. This whole process will take a maximum of 10 seconds per transaction.

There is no need for different banks to hold a common centralized database. Each can have its own separate central database, because even if the same note is scanned in different banks, it has to be deposited in a bank to make the transaction complete. Once a customer scans a currency note in their mobile App, they will be allowed to hold on to the note for a maximum of 5 days. After that, the App will delete the hold and the customer has to scan again, with the same note used earlier or a new note; it makes no difference. If a note is scanned in a particular bank's mobile App for a particular account, the same note will not be allowed to be scanned for a different account in the same bank. For a note number to be recycled, either the 5-day period from the first scan must be exhausted or the currency note must be deposited and approved by the Currency Collector Machine.
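The scan-then-deposit rules above (a 5-day hold, one account per note within a bank, release of the note number on approval or expiry) can be written as a small registry. This is an added example, not part of the original post: the class and method names and the sample values are constructed, a re-scan by the same account is assumed not to extend the hold, and the fake/damage check and the 5-notes-per-day limit are left out.

```python
from dataclasses import dataclass

HOLD_SECONDS = 5 * 24 * 3600           # the post's 5-day hold on a scanned note
DENOMINATIONS = {100, 200, 500, 2000}  # single notes accepted by the scheme


@dataclass
class Hold:
    account: str
    amount: int
    scanned_at: float


class NoteRegistry:
    """One bank's central database of scanned-but-not-yet-deposited notes."""

    def __init__(self):
        self._holds = {}      # note number -> Hold
        self.balances = {}    # account -> credited rupees

    def _live(self, note_no, now):
        hold = self._holds.get(note_no)
        if hold and now - hold.scanned_at > HOLD_SECONDS:
            del self._holds[note_no]          # hold expired: number is recycled
            return None
        return hold

    def scan(self, account, note_no, amount, now):
        """Mobile-app step: register a note against an account."""
        if amount not in DENOMINATIONS:
            return "rejected: denomination"
        hold = self._live(note_no, now)
        if hold is None:
            self._holds[note_no] = Hold(account, amount, now)
        elif hold.account != account:
            return "rejected: held by another account"
        return "held"

    def deposit(self, note_no, amount, now):
        """Collector-machine step: approve only on a live match, then recycle."""
        hold = self._live(note_no, now)
        if hold is None or hold.amount != amount:
            return None                        # no match: the note is ejected
        del self._holds[note_no]
        self.balances[hold.account] = self.balances.get(hold.account, 0) + amount
        return hold.account                    # account shown for confirmation
```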