Skip to main content

Researchers developing technology to replace passwords with 'passthoughts'

With more and more companies succumbing to sophisticated hacks, the need for secure passwords has been a big topic of discussion lately. But how do you know if you're safe? And how do you remember the different codes you've selected for sites across the web?

That might not be a problem in the future. Researchers from the UC Berkeley School of Information have been working on brain-controlled passwords. Basically, you could just think your password and the site you are trying to access would unlock via the power of brain waves.

Previous research involving electroencephalograms (EEGs), or brainwave measurements, collected data via several electrodes connected to the subject. The Berkeley research team, however, wanted to determine whether they could get an accurate EEG reading using just one electrode - the Neurosky MindSet - connected to the brain's left frontal lobe.

The team reduced error rates to below one per cent, but ultimately, the goal is to create a system that people will actually use. Sophisticated password options - like fingerprint and iris scanners - have been available for some time, but are not widely used because they are "slow, intrusive, and expensive," researchers said.

As a result, researchers focused on thought-based tasks that users actually found entertaining. The team asked test subjects to think of seven different tasks, including a specific motion from a sport (like swinging a baseball bat), counting objects that matched a colour of their choice, and coming up with something on their own.

People didn't like the sports option because "they found it unnatural to imagine the movement of their muscles without actually moving them," researchers said. Coming up with something on their own, meanwhile, resulted in complicated codes that were difficult to repeat. The colour-counting option was a favorite, as was the option to simply focus on their own breathing.

The results, researchers said, prove that brainwave-controlled passwords, or passthoughts, might not be the stuff of science fiction.

"We find that brainwave signals, even those collected using low-cost non-intrusive EEG sensors in everyday settings, can be used to authenticate users with high degrees of accuracy," they said.

Chuang recently presented the team's findings at the 2013 Workshop on Usable Security at the Seventeenth International Conference on Financial Cryptography and Data Security in Okinawa, Japan.

The Berkeley team are not the only ones looking at passwords. In January, Google said it was investigating alternatives to the password - like a USB-based card from Yubico that would sign you into your Google account when inserted into a device.

In February, meanwhile, Lenovo, PayPal, and four other firms teamed up to launch FIDO, which aims to revolutionize online authentication.

Image Credit: Flickr (marc falardeau)