Passthoughts, Not Passwords: Authentication Via Brainwaves

← Back to Stories (view on slashdot.org)

Passthoughts, Not Passwords: Authentication Via Brainwaves

Posted by samzenpus on Monday April 15, 2013 @12:54AM from the get-your-thinking-straight dept.

CowboyRobot writes "A new study by researchers from the U.C. Berkeley School of Information examined the brainwave signals of individuals performing specific actions to see if they can be consistently matched to the right individual. To measure the subjects' brainwaves, the team utilized the NeuroSky Mindset, a Bluetooth headset that records Electroencephalographic (EEG) activity. In the end, the team was able to match the brainwave signals with 99% accuracy (pdf). 'We are not trying to trace back from a brainwave signal to a specific person,' explains Prof. John Chuang, who led the team. 'That would be a much more difficult problem. Rather, our task is to determine if a presented brainwave signal matches the brainwave signals previously submitted by the user when they were setting up their pass-thought.'"

12 of 104 comments (clear)

Min score:

Reason:

Sort:

Walk by lockouts by jbmartin6 · 2013-04-15 00:56 · Score: 5, Funny

Great, now anyone walking by can lock out my account with failed auth attempts

--
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
1. Re:Walk by lockouts by ByOhTek · 2013-04-15 01:01 · Score: 4, Funny
  
  I'm more worried about them realizing I'm not human, from my brain waves. I don't want to go back to my homeworld! Also, how much testing did they do to ensure there aren't issues with emotional state or distraction? If I had a family even and was stuck listening to Beyonce or Katy Perry thanks to my sister's atrocious taste in "music"... Is having that crap stuck in my head going to prevent a login?
  
  --
  Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
Never Work by Greyfox · 2013-04-15 00:56 · Score: 3, Funny

I'm afraid that wouldn't work for several of my past managers. Heey-oh!

--
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Talk about forgetting your password! by __aaltlg1547 · 2013-04-15 00:59 · Score: 5, Insightful

"I thought my passthought. But maybe I didn't think it the right way. Let me try again..."
Just what we need, an even more complicated and harder to use apparatus with a reduced probability of correctly identifying the right user.
Since when is "works correctly 99% of the time" good enough for an authentication system?
1. Re:Talk about forgetting your password! by ByOhTek · 2013-04-15 01:16 · Score: 3, Interesting
  
  Since when is "works correctly 99% of the time" good enough for an authentication system?
  And how often do you mistype your password? I doubt many get their password right even 90% of the time unless they have rather bad passwords.
  Also, there's false positive vs. false negative. False negatives aren't so bad (especially at 1%, when retries are possible). False positives are what are really of concern.
  
  --
  Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
2. Re:Talk about forgetting your password! by jouassou · 2013-04-15 01:23 · Score: 4, Interesting
  
  Since when is "works correctly 99% of the time" good enough for an authentication system?
  It isn't. But it is an interesting proof-of-concept, which shows that using passthoughts as identification is actually possible.
  
  One interesting thought would be to combine passthoughts with other authentication technologies. Imagine walking up to a door that first performs face recognition and retina scans to determine who you appear to be. The system then accesses a database of passphrases associated with your user, displays a random one on a screen, and asks you to read it out loud. The system then uses a combination of voice recognition and brainwave scans to check if you're really who you appear to be.
  
  Although all these technologies currently have suboptimal success rates, they might yield good security if you combine them.
3. Re:Talk about forgetting your password! by David_Hart · 2013-04-15 01:41 · Score: 4, Insightful
  
  "I thought my passthought. But maybe I didn't think it the right way. Let me try again..."
  Just what we need, an even more complicated and harder to use apparatus with a reduced probability of correctly identifying the right user.
  Since when is "works correctly 99% of the time" good enough for an authentication system?
  And what happens to the success rate if your brain chemistry and/or thought patterns change?
  We know that changes take place in the brain during puberty, pregnancy, when in love, stress, medical conditions, etc. I'm curious if their testing included these scenarios. Granted, it would prevent drive-by tweeting if people would have to calm down before they could login... (grin)
4. Re:Talk about forgetting your password! by Immerman · 2013-04-15 03:18 · Score: 3, Insightful
  
  Indeed, though a 1% false-positive rate would still make for a really lousy attack vector for anyone with serious intent - you're unlikley to get past it for the first time when it matters, and unlike a password which stays compromised until changed which allows a leisurely preparatory attack, slipping through on a false positive probably won't reliably let you through a second time when it counts. Not something you'd want as the only layer of defense protecting your top secret documents, but a significant improvement over passwords. A huge advantage for most applications would be that it makes the security system immune to attack via social engineering, probably the single most successful attack vector in the world, as well as "security degredation by convenience" where people share around passwords for accounts with access to resources that are supposed to be restricted.
  Might also be very viable as part of a multi-factor authentication system, the pass-thought is already a two-factor system (thought + brain), adding a third factor with higher reliability would likely push the security beyond almost everything currently in use.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
Helpdesk Request #65398 by Rob+Riggs · 2013-04-15 01:12 · Score: 3, Insightful

Helpdesk,
I need help logging in. I have a migraine and can't get my passthought right. Can you send up two aspirin tablets.
Thanks

--
the growth in cynicism and rebellion has not been without cause
Think happy thoughts by mwvdlee · 2013-04-15 01:14 · Score: 3, Funny

So now every time I want to gain access I have to think the same thing I thought when I first entered the passthought.
"Okay, no thinking of naked girls now, anything but naked girls. Betty White! Yes, Betty White completely dressed, dressed in sexy lingerie... oh god, not that either, that's horri*".
"thank you, passthough recorded".

--
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
I'm thinking of a word. by PPH · 2013-04-15 01:20 · Score: 3, Funny

Please try another thought password. "Tits" is not sufficiently secure.

--
Have gnu, will travel.
Re:Escalator to hell by Errol+backfiring · 2013-04-15 02:23 · Score: 3, Interesting

But it might be quite easy with a live head. If you can intercept the signal, you can reproduce it. And intercepting a bluetooth signal should not be that hard. The problem is that it takes some "middle man hardware" to get the brainwaves into the computer. And middlemen can be a lot easier to fake. It is a bit like voice recognition: the voice may be personal and unique (or personal and unique enough), but recording a voice and playing it back is dead easy.

--
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!