The Future of Authentication in Extended Reality

Managing numerous passwords for various apps and websites is a common challenge in modern life. While biometric solutions like fingerprints or eye scans exist, they often raise privacy concerns. A new software program called VitalID aims to solve this by utilizing the unique, subtle vibrations that occur within the human skull.

Presented at the 2025 ACM Conference on Computer and Communications Security, VitalID is designed specifically for extended reality (XR) settings. XR, which encompasses virtual, augmented, and mixed reality, is expanding rapidly beyond gaming into fields like medicine, finance, and remote work. As these immersive systems become more integrated into daily life, developing secure and effortless authentication methods has become a priority.

How VitalID Leverages Human Biology

VitalID functions by capturing the tiny, involuntary vibrations generated by a person's heartbeat and breathing. These vibrations travel through the neck and into the head, where they are shaped by the individual's unique bone structure and facial tissue. Because every person has a distinct skull shape and density, the resulting vibration patterns are unique to the individual.

The system utilizes existing motion sensors already embedded in XR headsets to detect these patterns, eliminating the need for additional hardware. According to Yingying Chen, a computer engineer at Rutgers University and study co-author, the software provides a secure and continuous authentication process that does not disrupt the user experience.

Testing and Performance

In a 10-month study involving 52 users, researchers tested VitalID across two popular XR headsets. The results were promising:

  • The system correctly authenticated legitimate users over 95 percent of the time.
  • It successfully rejected unauthorized users more than 98 percent of the time.

The team also developed a filtering system to isolate these internal vibrations from external movements, such as nodding. By focusing solely on the biomechanical signals caused by breathing and heartbeats, the system creates a highly secure profile that is difficult for others to mimic.

A Seamless Security Solution

Current methods for logging into financial or medical platforms within virtual environments can be cumbersome, often requiring awkward gesture-based typing or disruptive two-factor authentication. VitalID offers a potential alternative that works in the background, ensuring that only the authorized user can access sensitive data.

While the technology is not yet commercially available, Rutgers University has applied for a provisional patent and is open to research collaborations and licensing. The study was a collaborative effort involving researchers from Rutgers University, the New Jersey Institute of Technology, Temple University, and Texas A&M University.