Passthoughts, Not Passwords: Authentication Via Brainwaves 104
CowboyRobot writes "A new study by researchers from the U.C. Berkeley School of Information examined the brainwave signals of individuals performing specific actions to see if they can be consistently matched to the right individual. To measure the subjects' brainwaves, the team utilized the NeuroSky Mindset, a Bluetooth headset that records Electroencephalographic (EEG) activity. In the end, the team was able to match the brainwave signals with 99% accuracy (pdf). 'We are not trying to trace back from a brainwave signal to a specific person,' explains Prof. John Chuang, who led the team. 'That would be a much more difficult problem. Rather, our task is to determine if a presented brainwave signal matches the brainwave signals previously submitted by the user when they were setting up their pass-thought.'"
Talk about forgetting your password! (Score:5, Insightful)
"I thought my passthought. But maybe I didn't think it the right way. Let me try again..."
Just what we need, an even more complicated and harder to use apparatus with a reduced probability of correctly identifying the right user.
Since when is "works correctly 99% of the time" good enough for an authentication system?
Helpdesk Request #65398 (Score:4, Insightful)
Helpdesk,
I need help logging in. I have a migraine and can't get my passthought right. Can you send up two aspirin tablets.
Thanks
Re: thoughtcrime is comeing (Score:2, Insightful)
comeing
But spelling crimes are already here.
Re:Talk about forgetting your password! (Score:5, Insightful)
"I thought my passthought. But maybe I didn't think it the right way. Let me try again..."
Just what we need, an even more complicated and harder to use apparatus with a reduced probability of correctly identifying the right user.
Since when is "works correctly 99% of the time" good enough for an authentication system?
And what happens to the success rate if your brain chemistry and/or thought patterns change?
We know that changes take place in the brain during puberty, pregnancy, when in love, stress, medical conditions, etc. I'm curious if their testing included these scenarios. Granted, it would prevent drive-by tweeting if people would have to calm down before they could login... (grin)
Re:Talk about forgetting your password! (Score:4, Insightful)
Indeed, though a 1% false-positive rate would still make for a really lousy attack vector for anyone with serious intent - you're unlikley to get past it for the first time when it matters, and unlike a password which stays compromised until changed which allows a leisurely preparatory attack, slipping through on a false positive probably won't reliably let you through a second time when it counts. Not something you'd want as the only layer of defense protecting your top secret documents, but a significant improvement over passwords. A huge advantage for most applications would be that it makes the security system immune to attack via social engineering, probably the single most successful attack vector in the world, as well as "security degredation by convenience" where people share around passwords for accounts with access to resources that are supposed to be restricted.
Might also be very viable as part of a multi-factor authentication system, the pass-thought is already a two-factor system (thought + brain), adding a third factor with higher reliability would likely push the security beyond almost everything currently in use.