When it’s been a while since you last signed into your bank account, password hints can trigger your memory and help you recall your code word. But future security systems may not need a word or a hint–they’ll just read your mind.
A password system that tracks and authenticates your brain waves can actually work, according to a new study (PDF). Researchers at the University of California-Berkeley used a Bluetooth EEG headset and 15 volunteers, and recorded the volunteers’ brain activity while they did some repetitive tasks: concentrate on their breathing for 10 seconds, imagine they were moving their index fingers up and down, and so on. Then each person was asked to choose a “pass-thought,” which they focused on for 10 seconds.
Software analyzed each person’s brain activity, and searched for patterns that could be used as identifiers. Ultimately, the system accurately matched brain signals to the person who thought them 99 percent of the time. It traces the generalized brain-activity pattern that the thought elicits, according to researchers led by Prof. John Chuang.
Other forms of neurosecurity use a person’s subconscious, using a technique called implicit learning to imbue a person’s mind with a specific pattern of activity. And plenty of other researchers have used EEG caps to read and monitor thoughts. The difference here is that a person can pick his or her own pass-thought, rather than learning it by osmosis, and the technology that reads it is very simple: the NeuroSky Mindset earphones.
Chuang and colleagues presented their work at the 17th International Conference on Financial Cryptography and Data Security in Japan.