Mind over matter: Researchers turn thoughts into passwords

Scientists demonstrate ability to differentiate individual brain activity. May be how you access your digital life in the future.

In the not-crazy-distant future, instead of using a password to navigate our digital lives, we may be able to think our way into our various online services and ever-growing array of digital whatnots.

Researchers at the University of California-Berkeley's School of Information claim to have devised a method to use biosensors to accurately differentiate the brainwaves of specific subjects as they visualized songs, images, or other mental tasks. The brain activity resulting from these tasks appear to be inherent to each individual and may one day supplant traditional (and hackable) password security systems.

The researchers used a commercially available EEG reader that retails for less than $100 from NeuroSky. The Bluetooth-enabled device uses a "dry connection" via a sensor placed on the forehead. It kind of resembles a hands free wraparound phone headset, except that the microphone is snuggled against your forehead rather than in front of your mouth. According to NeuroSky's site, while their device cannot sense specific neurons firing-off, they can register "a dominant mental state, driven by collective neuron activity."

Test subjects were asked to perform various mental tasks such as focusing on their breathing, imagining their finger moving up and down, or listening to an audio tone while concentrating on a dot. Each subject also had their brain activity measured while performing personalized mental tasks such as visualizing a repetitive motion from a familiar sport, silently singing a song of their choice, or focusing on a thought of their choosing for 10 seconds.

The team claims that by customizing an "authentication threshold" for each user, they were able to keep error rates under 1 percent.

Biometrics haven't taken off

While manufacturers have experimented with various forms of biometric identification, they have yet to become widely adapted due to cost, lack of speed, and perhaps even the public's latent fears of how that information might be used in a future Skynet dystopia. (Biometrics have, however, been openly embraced by the nations like India, which hopes to log biometic information on more than a billion of its residents).

This brainwave or "passthought" technology--in its current state--would appear to take too long to be practical for many daily tasks. However, if it proves to be accurate, then it may be useful for seldom-used tasks that are only accessed sporadically.

If future versions of smartphones or other wearable tech (which we already readily paste to our heads) gain the ability to read EEGs--and individual brain activity could be established accurately and reliably in under five seconds--this may be a first biometric scheme to become widespread.

The public will likely learn to embrace a system that does away with the contemporary password-centric security scheme. Our modern lives are stuffed full with too many passwords. We need them to access everything from our tablets to our Twitter. If you're at all concerned with hackers rifling through your all your private digital doings (as you should be), then your passwords for all your services should be unique should one service become corrupted. Furthermore, each unique password should be filled with all manner of not-easily-guessable keyboard nonsense like strange l3tters and n0mber combinations, unexpected CapiTAlizaTion schemES, and non-typical ch@racter$. While certainly more secure, they may not be easy to keep track of.

Our growing dependence on automation and the virtual world only promises to make our password security schemes more difficult. Once our digital lives gain the ability to recognize us reliably, affordably and quickly; the public will readily learn to embrace the password-free lifestyle.

Copyright © 2013 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.