PasswordsFuture computers will identify users by thoughts, not passwords

You will soon be able to authenticate to your computer via your brainwaves // Source: eet-cn.com

Instead of typing your password, in the future you may only have to think your password, according to University of California, Berkeley School of Information (I School) researchers. A new study explores the feasibility of brainwave-based computer authentication as a substitute for passwords.

The project was led by School of Information professor John Chuang, along with Hamilton Nguyen, an undergraduate student in electrical engineering and computer science; Charles Wang, a first-year I School MIMS student; and Benjamin Johnson, formerly a postdoctoral scholar at the I School. Chuang presented the team’s findings this week at the 2013 Workshop on Usable Security at the Seventeenth International Conference on Financial Cryptography and Data Security in Okinawa, Japan.

A University of California, Berkeley release reports that since the 1980s, computer scientists have proposed the use of biometrics for computer authentication.

Systems requiring fingerprint scans, retina scans, or facial or voice recognition are far more secure than passwords, since fingerprints are hard to forget and harder to steal. Such systems, however, are also slow, intrusive, and expensive. Biometric authentication has never gained wide acceptance; other than a few high-security settings, it remains more science fiction than science fact.

In recent years, security researchers have proposed using electroencephalograms (EEGs), or brainwave measurements, for computer authentication, replacing passwords with “pass-thoughts.” If other biometric systems have proven cumbersome and expensive, however, brainwave authentication has been even more so; no one wants to install invasive probes under their skull every time they check their e-mail!

All that has changed, though, with recent developments in biosensor technologies.

New consumer-grade EEG devices
Traditional clinical EEGs typically employ dense arrays of electrodes to record 32, 64, 128, or 256 channels of EEG data. New consumer-grade headsets, on the other hand, use just a single dry-contact sensor resting against the user’s forehead, providing a single-channel EEG signal from the brain’s left frontal lobe.

The research team used the Neurosky MindSet, which connects to a computer wirelessly using Bluetooth and can be purchased for approximately $100. “Other than the EEG sensor, the headset is indistinguishable from a conventional Bluetooth headset for use with mobile phones, music players, and other computing devices,” according to the researchers.

Will it work?
Will this new technology work for computer authentication? Is it secure, accurate, and reproducible enough to replace passwords? More importantly, would people actually be willing to use it? The research project has preliminary answers to all three of these