Mind over matter: Researchers turn thoughts into passwords

Scientists demonstrate ability to differentiate individual brain activity. May be how you access your digital life in the future.

In the not-crazy-distant future, instead of using a password to navigate our digital lives, we may be able to think our way into our various online services and ever-growing array of digital whatnots.

Researchers at the University of California-Berkeley's School of Information claim to have devised a method to use biosensors to accurately differentiate the brainwaves of specific subjects as they visualized songs, images, or other mental tasks. The brain activity resulting from these tasks appear to be inherent to each individual and may one day supplant traditional (and hackable) password security systems.

The researchers used a commercially available EEG reader that retails for less than $100 from NeuroSky. The Bluetooth-enabled device uses a "dry connection" via a sensor placed on the forehead. It kind of resembles a hands free wraparound phone headset, except that the microphone is snuggled against your forehead rather than in front of your mouth. According to NeuroSky's site, while their device cannot sense specific neurons firing-off, they can register "a dominant mental state, driven by collective neuron activity."

Test subjects were asked to perform various mental tasks such as focusing on their breathing, imagining their finger moving up and down, or listening to an audio tone while concentrating on a dot. Each subject also had their brain activity measured while performing personalized mental tasks such as visualizing a repetitive motion from a familiar sport, silently singing a song of their choice, or focusing on a thought of their choosing for 10 seconds.

The team claims that by customizing an "authentication threshold" for each user, they were able to keep error rates under 1 percent.

Biometrics haven't taken off

While manufacturers have experimented with various forms of biometric identification, they have yet to become widely adapted due to cost, lack of speed, and perhaps even the public's latent fears of how that information might be used in a future Skynet dystopia. (Biometrics have, however, been openly embraced by the nations like India, which hopes to log biometic information on more than a billion of its residents).

This brainwave or "passthought" technology--in its current state--would appear to take too long to be practical for many daily tasks. However, if it proves to be accurate, then it may be useful for seldom-used tasks that are only accessed sporadically.

If future versions of smartphones or other wearable tech (which we already readily paste to our heads) gain the ability to read EEGs--and individual brain activity could be established accurately and reliably in under five seconds--this may be a first biometric scheme to become widespread.

The public will likely learn to embrace a system that does away with the contemporary password-centric security scheme. Our modern lives are stuffed full with too many passwords. We need them to access everything from our tablets to our Twitter. If you're at all concerned with hackers rifling through your all your private digital doings (as you should be), then your passwords for all your services should be unique should one service become corrupted. Furthermore, each unique password should be filled with all manner of not-easily-guessable keyboard nonsense like strange l3tters and n0mber combinations, unexpected CapiTAlizaTion schemES, and non-typical ch@racter$. While certainly more secure, they may not be easy to keep track of.

Our growing dependence on automation and the virtual world only promises to make our password security schemes more difficult. Once our digital lives gain the ability to recognize us reliably, affordably and quickly; the public will readily learn to embrace the password-free lifestyle.

Join the CSO newsletter!

Error: Please check your email address.

Tags University of California-Berkeleysecurity

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Evan Dashevsky

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place