Dear Impossible Readers,
Have you ever tried to pay with your face, only for your phone to throw a tantrum because your head is just slightly out of position? Suddenly, you are jabbing in your passcode while a line of tutting strangers gathers behind you. Biometrics make our lives remarkably easy. We went from typing in a passcode or swiping a pattern on smart devices to fingerprint, face, or voice recognition. And while fingerprints, faces, and voices get all the attention, they are not as secure as we would like to believe. Imagine security that did not just rely on one thing about you, but a signature cocktail.
Picture a house key that scans the veins in your fingers before it even considers turning. Or a payment card that only activates when it recognises the unique blood vessel pattern in your eye. Finger vascularisation is the pattern of blood vessels under your skin. Eye vascularisation is a unique web of veins in your retina. Finger and eye vascularisation are stable, living, in-body signatures that are difficult to forge.
Add a metabolic signature that is unique to your chemistry, and suddenly, impersonating you becomes a nightmare for anyone attempting to do so. Metabolic biomarkers are chemical traces your body leaves after eating or taking certain medications. For particularly high-security access, EEG signatures (your brainwaves) could be included, paired with a physical token you hold.
So, even if someone is wearing your face or fingerprints, they still cannot pass without your live vascular, chemical, or neural signature. None of these need to live in a creepy centralised database either. They can be paired with a decentralised physical component (e.g., a key, card, or wearable device) that stores your data locally. Your door lock, your car key, and your payment card could all read your vascularisation when in your hand or in front of your eyes. Even when (yes, not if) the digital system gets hacked, what the attacker gets is useless without the physical counterpart.
Today, the technology exists in silos. Finger vein scanners are already used in Japanese ATMs. Amazon One lets you pay with your palm vascularisation. Airports mix iris scans with face recognition. Gait recognition, such as keystroke dynamics and heartbeat, is already in trials. Even ECG-based authentication (your heartbeat) is built into some wearables. However, metabolic biomarkers are mostly stuck in medical and sports applications, and EEG authentication lives in research labs.
To get from here to a multi-layered system, we need more miniaturisation and better accuracy under real-world conditions. We need vascular scanners small and cheap enough to fit in a key or card, metabolic sensors that work in real time without lab gear, and EEG readers that are passive and wearable. Pair all of that with decentralised storage so no one hoards your biometric data, and we have got security that is personal, portable, and a nightmare to steal. Because somewhere, someone has already turned your Instagram profile into a wearable disguise.
Meet you at the lock,
Yours Possibly
State of the Art Security
| Method | Current Use Case(s) | Strength(s) | Limitation(s) | Further Reading |
|---|---|---|---|---|
| Finger vein | ATMs (Japan); Hospital staff login | Requires live tissue, hard to forge | Needs contact/close proximity | Kolivand et al. (2023) |
| Eye vascularisation | Border control; Secure facilities | Extremely unique, stable for life | Eye disease issues | Rasheed et al. (2023) |
| Face recognition | Airports; Smartphones; Surveillance | Fast, contactless | Vulnerable to deepfakes/masks | Rai & Kanungo (2025) |
| Palm vein | Amazon One; Hospitals | High accuracy, liveness detection | Specialized scanners needed | Hemis et al. (2025) |
| Voice recognition | Banking call centres; Smart assistants | Works remotely, hands-free | AI voice cloning risks | Khan et al. (2023) |
| Hand geometry | Time clocks; Facility access | Durable tech, low cost | Lower uniqueness | Li et al. (2024) |
| Keystroke dynamics | Online banking; Corporate systems | No extra hardware | Changes with stress/injury | Shadman et al. (2025) |
| Mouse movement | Web fraud detection | Passive, continuous | Limited standalone accuracy | Khan et al. (2024) |
| Touchscreen swipe | Mobile banking apps | Passive, always-on | Sensitive to device changes | Ellavarason et al. (2020) |
| Gait recognition | Airports; Research labs | Works at distance, hard to fake | Altered by injury/load | Şahan et al. (2024) |
| Location-based | Banking apps; Secure messaging | Seamless, geo-fencing | GPS spoofing possible | Alrawili et al. (2024) |
| Device proximity | Smart locks; Cars | Convenient, multi-factor | Device theft risk | Shukla et al. (2024) |
| IoT multi-factor | Connected cars; Smart homes | Stronger than single factor | More points of failure | Fneish et al. (2023) |
| Heartbeat (ECG) | Wearables; Payment trials | Unique, liveness check | Sensor contact needed | Lonbar et al. (2024) |
| Thermal face mapping | Airports; Health security | Detects illness + ID | Privacy, cost | Stanić & Geršak (2025) |
| Signature verification (digital) | Contracts; Stylus devices | Tracks pressure/speed | Forgery with AI possible | Tolosana et al. (2021) |
| Metabolic biomarkers | Alcohol/drug testing; Health devices | Real-time body chemistry | Influenced by diet, illness | Duan et al. (2024) |
| EEG authentication | Research; Medical devices | Hard to spoof | Needs sensors, mental state effects | Zhang et al. (2021) |
