The idea that we might ‘think’ passwords instead of typing them sounds like science fiction - but a team of UC Berkeley School of Information researchers has proved that it can work today, using existing 'mind reading' headsets.

The researchers used a Neurosky Mindset brainwave reader, an $100 EEG (electroencephalograph) device which scans brainwaves via a single contact on the forehead - and tested whether thoughts could work as passwords for a computer system. Subjects were scanned as they performed mental tasks such as singing a song of their choice (in their heads), or imagining moving a finger up and down, to generate a distinctive brainwave 'password'.

The system worked with more than 99% accuracy - so much so it could used as a cheap, secure authentication system, the researchers claim.

Even in tasks where all the subjects did the same thing, such as moving a finger up and down, each person created sufficiently different signals for the computer to differentiate between users.

“We find that brainwave signals, even those collected using low-cost non-intrusive EEG sensors in everyday settings, can be used to authenticate users with high degrees of accuracy,” said the researchers.

“Other than the EEG sensor, the headset is indistinguishable from a conventional Bluetooth headset for use with mobile phones, music players, and other computing devices."

The tricky part, say the researchers, could be finding mental tasks which people are comfortable with - when left to their own devices, users chose ‘private thoughts’ that were difficult to repeat. Choosing a song seemed popular with subjects, the researchers say, and worked effectively.