The idea that we might ‘think’ passwords instead of typing them sounds like science fiction – but a team of UC Berkeley School of Information researchers has proved that it can work today, using existing ‘mind reading’ headsets.
The researchers used a Neurosky Mindset brainwave reader, an $100 EEG (electroencephalograph) device which scans brainwaves via a single contact on the forehead – and tested whether thoughts could work as passwords for a computer system. Subjects were scanned as they performed mental tasks such as singing a song of their choice (in their heads), or imagining moving a finger up and down, to generate a distinctive brainwave ‘password’.
The system worked with more than 99% accuracy – so much so it could used as a cheap, secure authentication system, the researchers claim.
Even in tasks where all the subjects did the same thing, such as moving a finger up and down, each person created sufficiently different signals for the computer to differentiate between users.
“We find that brainwave signals, even those collected using low-cost non-intrusive EEG sensors in everyday settings, can be used to authenticate users with high degrees of accuracy,” said the researchers.
“Other than the EEG sensor, the headset is indistinguishable from a conventional Bluetooth headset for use with mobile phones, music players, and other computing devices.”
The tricky part, say the researchers, could be finding mental tasks which people are comfortable with – when left to their own devices, users chose ‘private thoughts’ that were difficult to repeat. Choosing a song seemed popular with subjects, the researchers say, and worked effectively.
Author Rob Waugh, We Live Security