Will Passthoughts Replace Passwords?
Will Passthoughts Replace Passwords?
Recent advances in electro-encephalography (EEG) have encouraged an unprecedented level of interest in brain wave research and application development. Now researchers at the UC Berkeley School of Information have developed a way to identify a person's identity by analyzing brainwaves using commercial EEG hardware.
The idea of using brainwaves to determine a person's identity is nothing new. Researchers have been investigating EEG-based authentication since 2005, but the UC Berkeley study is the first to demonstrate that an affordable, non-medical EEG
reader can obtain a reliable signal.
The researchers, led by Professor John Chuang, ran a series of experiments in which they tested how such a system of brain wave authentication would work. They used a $200 dollar commercial EEG headset manufactured by Neurosky for the experiments.
The goal was to use EEG technology to distinguish brainwaves and use that as a form of identification instead of a password. The biggest challenge Chuang's team confronted during the experiments was the fact that modern science is still unsure whether brainwaves are as distinct as -- say -- fingerprints and retinas.
So the team devised a clever work around. Rather than using generic brainwaves, they asked volunteers to perform a number of mental tasks. These included humming a certain tune, focusing on a dot on a piece of paper, and lifting one finger deliberately up and down, among others.
The researchers then recorded their brain activity and used the distinct pattern of brainwaves generated by each volunteer as a kind of digital fingerprint.
Mr. Chuang explained the process to the BBC recently. "You process them and make decisions about whether this brain wave signal does indeed belong to the individual whose identity is being authenticated," Chuang said.
The immediate objective of the experiments was not only to achieve an acceptable level of reliability, but also to ensure that recalling certain thoughts was not too confusing for average device users. "We wanted them to say, 'Yeah, I don't
mind doing that'," Chuang said in an earlier interview with Metro.
The researchers found that subjects could have their passthoughts authenticated with an error as low one percent.
While the finding may sound surprising to some, analysts say that -- given current knowledge -- it makes perfect sense. Apart from variations in our genes, tiny differences in learning and development can change how neurons are connected in each person at the cellular level.
Not a replacement for passwords ... yet
Chuang said passthoughts would have a number of advantages over conventional passwords. People cannot determine your passthought by analyzing the smudge patterns on your touch-screen device, for instance. They would also be unable to see your passthought by looking over your shoulder as you log in -- a crude and surprisingly common practice among cyber criminals these days.
But you won't be using a "passthought" to gain access to your business phone apps any time soon. For now, Mr. Chuang says it is still simpler -- and probably easier -- to rely on a typed password for most commercial computing technologies.
"We implemented an algorithm, or an authentication protocol, and we demonstrated it, but we haven't really integrated it with any system," Chuang said. "We don't see this as a replacement to traditional passwords where we sit down in front of a computer."
Brain wave authentication may nonetheless prove useful for wearable devices sooner than most people would think. "You can see all these pictures of Sergey Brin wearing this Google Glass," Chuang told NBC News not too long ago. "What if he puts down his Google Glass, and someone else picks it up? Does that mean someone else can access his photos, start messaging his friends?"
Image courtesy of Zeno_, Flickr.