Skull Echoes Are The New Passwords

A sound idea

SkullConduct Diagram

SkullConduct Diagram

The password is inside the skull.Stefan Schneegass, Youssef Oualil, Andreas Bulling

Passwords fail. Human memory is weak, so we pick familiar terms. To avoid familiar terms, logins require long passwords, with numbers and capitalization and special characters. Humans forget these, because they’re complicated, and so they have to answer security questions, which are things familiar to the person, and therefore discoverable. The greatest failure in online security is often fallible memory. Researchers from Perceptual User Interfaces have a better idea, located inside people’s heads. It uses the unique sounds their skulls make.

From the paper:

We present SkullConduct, a biometric system that uses bone conduction of sound through the user’s skull as well as a microphone readily integrated into many of these devices, such as Google Glass. At the core of SkullConduct is a method to analyze the characteristic frequency response created by the user’s skull.

Essentially, because every skull is different, when the device plays a specific sound pattern into a person’s head, it will make a unique sound back, as it bounces around and reverberates through the user’s head. Once set up, the device can recognize the pattern again when re-worn, creating a new kind of useful password.

The study was small, with just ten users, and it focused on Google Glass, a wearable with as uncertain a fate as any. But the science behind bone conductivity passwords seems pretty sound, so we should listen for similar designs in the future.