Forget Passwords, Authentication via Brainwaves On The Horizon

Imagine a world without passwords. Scary, right? There's no doubt that passwords are an integral part of computing, because they allow us the easiest form of security when accessing our online accounts. But, as has been evidenced time and time again, passwords are far from bulletproof, especially if you generally don't care about them or get lazy about them. Anytime a password database gets leaked, check out how many of them are the same - as hard as it is to believe, some people still use "password" as a password.

On the opposite end of the spectrum, you might have complex passwords - as you should. But another problem arises: truly complex passwords are difficult to remember. I personally belong to this camp. If I were held at gunpoint and was demanded to riddle off my email password, I'd ask the gunman to make it quick. 50 or so unique passwords ranging from 10 - 20 characters each - good luck in remembering all that.

While it sounds like science fiction, researchers at U.C. Berkeley School of Information have a solution: let's use our brainwaves for authentication. In an experimental study, the researchers found with high confidence that there's enough deviation in the brainwaves from one person to the next to make a certain thought process totally unique. Plus, it's been evidenced that these patterns are repeatable (sounds like some brains got benchmarked here).

Participants were asked differing questions so that researchers could monitor their brainwave patterns. Some were asked to choose a personal secret, sing a song in their head, picture a repetitive motion from a sport and so forth. As professor John Chuang states, "our task is to determine if a presented brainwave signal matches the brainwave signals previously submitted by the user when they were setting up their pass-thought."

In all of their tests, the researchers found that brainwave authentication is a definite possibility down the road. I do have a couple of concerns about this, however, with the main one being false-positives or a brainwave pattern differing to a degree that makes it impossible for a user to authenticate. What if you're under stress? Your brain is moving a mile a minute? Would this prevent you from being able to authenticate? The other issue comes from the fact that to monitor brainwaves, you need to wear appropriate equipment. In the end, it seems like this technology would be best-suited for computers where security is of utmost importance.

Do you ever see this sort of authentication hitting the mainstream?


Via:  Dark Reading
blog comments powered by Disqus