Slashdot Mirror

← Back to Stories (view on slashdot.org)

Your Brain Waves Could Soon Replace Passwords Entirely (fastcompany.com)

Posted by msmash on from the pushing-the-limits dept.

Wenyao Xu and Feng Lin, assistant professors of Computer Science and Engineering at University at Buffalo and The State University of New York, write: Our team has been working with collaborators at other institutions for years, and has invented a new type of biometric that is both uniquely tied to a single human being and can be reset if needed. When a person looks at a photograph or hears a piece of music, her brain responds in ways that researchers or medical professionals can measure with electrical sensors placed on her scalp. We have discovered that every person's brain responds differently to an external stimulus, so even if two people look at the same photograph, readings of their brain activity will be different. This process is automatic and unconscious, so a person can't control what brain response happens. And every time a person sees a photo of a particular celebrity, their brain reacts the same way -- though differently from everyone else's.

We realized that this presents an opportunity for a unique combination that can serve as what we call a "brain password." It's not just a physical attribute of their body, like a fingerprint or the pattern of blood vessels in their retina. Instead, it's a mix of the person's unique biological brain structure and their involuntary memory that determines how it responds to a particular stimulus.

104 comments

  1. Comment removed by account_deleted · · Score: 0, Funny

    Comment removed based on user account deletion

  2. Easy to Hack Trump's Twitter by theshowmecanuck · · Score: -1, Troll

    The trace will be flat.

    --
    -- I ignore anonymous replies to my comments and postings.
    1. Re:Easy to Hack Trump's Twitter by Mashiki · · Score: 1, Interesting

      Look at the NPC. It's almost like they don't have any other response to a story, except ORANGE MAN BAD.

      To the article at hand though, I can see a lot of issues with this. People with chronic headaches and migraines, people with alzheimer's, especially early onset, people with MS. Those that have head injuries say from sports, since we know the damage is cumulative. That unique brain signature becomes more of an issue, and we haven't even started on stuff like dementia, schizophrenia, and so on.

      --
      Om, nomnomnom...
    2. Re:Easy to Hack Trump's Twitter by Anonymous Coward · · Score: 0

      Orange is bad. He's not wrong. And making a witty political joke is an acceptable form of social discourse. Did you wake up on the wrong side of the sofa this morning?

    3. Re:Easy to Hack Trump's Twitter by Anonymous Coward · · Score: -1

      Republican nazis do not allow jokes about Der Fuhrer-tard. Federal Prison is also not a joke, but a reality for them soon. So it's easy to understand why they're butt-hurt little faggots in their daily lives.

    4. Re:Easy to Hack Trump's Twitter by Anonymous Coward · · Score: 2, Insightful

      Why does everything have to turn political here on /. when the article is not even remotely related? People have no lives if all they do is worry about who is in the White House. I despised the BHO years, but I never once mentioned him or his cabinet in a tech forum when he was in office. I'm a conservative, and I don't think there is a single person in the current administration who supports my views or does what I think they should do, but I don't bring it up on tech forums where the isue at hand is not even political.

    5. Re:Easy to Hack Trump's Twitter by Tablizer · · Score: 1

      Look at the NPC. It's almost like they don't have any other response...

      What do you have against the National Planning Commission (of Nepal)?

      --
      Table-ized A.I.
    6. Re:Easy to Hack Trump's Twitter by Tablizer · · Score: 1

      The trace will be flat.

      Actually, I suspect his brainwaves will look like his signature.

      --
      Table-ized A.I.
    7. Re:Easy to Hack Trump's Twitter by taustin · · Score: 2

      Look at the NPC. It's almost like they don't have any other response to a story, except ORANGE MAN BAD.

      It's called Trump Derangement Syndrome, and it results in ongoing, continuous hallucinations.

    8. Re:Easy to Hack Trump's Twitter by Anonymous Coward · · Score: 0

      Plus one for modded up chilling effect on others free speech! #MAGA

    9. Re:Easy to Hack Trump's Twitter by Anonymous Coward · · Score: 0

      Look at the NPC. It's almost like they don't have any other response to a story, except ORANGE MAN BAD.

      An NPC is basically a bot-minded individual who spouts off the same talking points and isn't capable of original thought. The GP came up with something original and humorous that pertains to the topic of the article. And you responded with "ORANGE MAN BAD", a commonly used Trump insult. So between you and him, you ironically are the NPC.

    10. Re: Easy to Hack Trump's Twitter by Anonymous Coward · · Score: 0

      At least we know how to use a fucking umbrella.

    11. Re:Easy to Hack Trump's Twitter by Anonymous Coward · · Score: 0

      One of the greatest ironies is that people who jerk themselves off with the "lol NPC" thing is how much their response matches what they're criticizing.

    12. Re:Easy to Hack Trump's Twitter by Mashiki · · Score: 1

      Why does everything have to turn political here on /. when the article is not even remotely related?

      Short answer: The people spouting "orange man bad" and the associated crap are so bent out of shape over Hillary losing, that they have to attach politics to everything in order to justify their support of her and their lack of support for him. That leaves you and me and everyone else three options:

      (1)Ignore it. (2)Mock the piss out of them with a dose of reality. (3)Attempt reasonable discussion and hope they get out of their delusion. I prefer option 2, usually with memes.

      --
      Om, nomnomnom...
  3. changes in your thoughts by Anonymous Coward · · Score: 0

    the first time I see the presented picture my mind will think: "I don't know who that is" and the system will store these brain waves as my password. I will then proceed to search the internet to figure out who the celebrity is. The next time I go to log into my computer and see the picture my entire thought process will be different since I'll know more about them. Hopefully I wouldn't then be locked out. I can imagine major events in a person's life could alter the way they think.

    1. Re:changes in your thoughts by ChoGGi · · Score: 1

      It'll be fine, you just update it every time, and account for the variances (that'll make it more secure...), I'm sure no major changes will ever happen to your brain.
      After all it's just three properly located sensors you need to attach to your head,

      https://ieeexplore.ieee.org/do...
      Interesting considering the fc article says 32 sensors, the paper says 30 and one of the authors of the paper also helped write the article...

      The total duration of the experiment was approximately 1.5 hours,
      including 0.5 hour for electrode placement and variable time
      in the breaks between blocks

      30 mins to attach them (I assume that's the 30 sensor, but it also seems like the 3 sensor test would take longer to do the actual testing), and I didn't bother looking too hard to see how long it'd take for the "password".

      Fourth, all data analyzed here were collected in a single session,
      meaning that the question of the biometric permanence
      of the CEREBRE protocol is still an open one. Addressing
      this question will require asking participants to repeat the
      protocol multiple times with temporal delay between sessions-
      acquisition of this data is currently ongoing in the lab

  4. Obviously this tech won't work with Republicans by Anonymous Coward · · Score: -1

    Their brainwaves never crest, just small swells of bigotry and fear controlled by over-active amygdalas...

  5. Until by Anonymous Coward · · Score: 0

    head injury, alzheimer's, mental disorder brain chemistry meds, migranes, ...

  6. fixed ... until they have a stroke by Anonymous Coward · · Score: 0

    or ahlzheimmer's or .... While an interesting idea for a biometric scan, there are a lot of things that can screw it up....

  7. Usernames, not passwords by enriquevagu · · Score: 5, Insightful

    Biometrics replace usernames, not passwords.

    User names identify who you are. You are always the same person; that can never be changed.

    Passwords validate your credentials. Passwords may be changed when they are discovered by a third party; usernames (or brain waves, as discussed in the summary) cannot be changed.

    1. Re:Usernames, not passwords by Anonymous Coward · · Score: 0

      So much for anonymity!

    2. Re:Usernames, not passwords by Anonymous Coward · · Score: 1

      Biometrics replace usernames, not passwords.

      That is not an accurate way of depicting usernames, passwords, or biometrics. Usernames identify authorized users (unique account to track access, used to validate passwords, biometrics, etc against). Biometrics are used to identify a person (who you are), passwords are used as a shared secret to help validate identity (what you know). These are not the same and should not be treated as the same.

      The issue with most biometrics to date is that they can not be changed which is important to help prevent certain types of attacks. Since the technology referenced here is operating more like a challenge response mechanism, this has certain advantages. The image that is used for invoking the brain scan can be different, pull from a set of known images, and be refreshed. This uses the brain like a unique hashing function. Since the images can be changed periodically, this would enhance security and help prevent attacks such as replay attacks and other issues. It still has significant issues with implementation, but the idea is a definite improvement for biometrics.

      Biometrics, passwords, usernames, and authentication tokens do not replace each other. They are all part of securely identifying and validating authorized access.

    3. Re:Usernames, not passwords by jiriw · · Score: 3, Informative

      The article states otherwise. You change the 'password' by changing the stimulus (use a different photograph, for example).

      Fingerprints can't be changed reliably (without surgery or self mutilation), that's true. And as such you could see them as a kind of username. And they should be used as such if the biometric sensor can't differentiate between the real you and a copy.
      But when brain waves are used as described in the article, you can use them as a password, where your brain is the 'hasher' of your 'plain text' picture, and the 'hash' (brain waves) is compared to the recorded 'hash' in the database.

    4. Re:Usernames, not passwords by Anonymous Coward · · Score: 0

      I think the other nuance is not just "can it be changed" but the decision to "relinquish" your password. Traditional passwords can be withheld until death. That is no longer the case with biometric "passwords". You can be forced to relinquish your password in numerous situations that could range from a simply tricking the person to kidnapping.

      Biometric passwords also increase the effectiveness of kidnapping and you may see more of it.

    5. Re:Usernames, not passwords by pr0fessor · · Score: 1

      That and i'm not sure that outside stimulus couldn't throw that off to begin with... like caffeine

       

    6. Re:Usernames, not passwords by Gravis+Zero · · Score: 1

      User names identify who you are. You are always the same person; that can never be changed.

      If I've learned anything from infosec, biology and cyberpunk anime then it's that identity (to others and yourself) is quite mutable with the proper application of technology.

      --
      Anons need not reply. Questions end with a question mark.
    7. Re:Usernames, not passwords by arth1 · · Score: 1

      That is not an accurate way of depicting usernames, passwords, or biometrics. Usernames identify authorized users (unique account to track access, used to validate passwords, biometrics, etc against). Biometrics are used to identify a person (who you are), passwords are used as a shared secret to help validate identity (what you know). These are not the same and should not be treated as the same.

      Don't forget the what you want part, i.e. authorization by the user[*]. Biometrics do not provide this.

      [*]: Authorization is a two way street - not only does the service authorize the user, but the user also authorizes the service. Take away user-initiated authorization, and you open for exploitation and coercion.

    8. Re:Usernames, not passwords by Anonymous Coward · · Score: 0

      I think this is the true purpose. Then in the future you can be denied access to everything all at once.

    9. Re:Usernames, not passwords by Calydor · · Score: 1

      Or a headache, or stress, or having slept badly, or someone talking to you ...

      --
      -=This sig has nothing to do with my comment. Move along now=-
    10. Re:Usernames, not passwords by wirelessjb · · Score: 1

      It's more accurate to say that usernames represent who you claim to be. Passwords are an attempt to verify that you are who you say you are... or that you are an authorized proxy.

    11. Re:Usernames, not passwords by Anonymous Coward · · Score: 0

      Notice that this can be changed easily, so it's not a username, and is indeed more like a password. Change what you think and you change your brainwave. It's something you know filtered through something you are.

    12. Re:Usernames, not passwords by Anonymous Coward · · Score: 0

      If they can read your mind, knowing your password becomes easy. I agree with the title completely, but not for the reasons in the article.

    13. Re: Usernames, not passwords by Anonymous Coward · · Score: 0

      "The issue with most biometrics to date is that they can not be changed"

      To date?

      I would never sign up for a brain password. Basically it means someone can trick me into authorizing something.

    14. Re:Usernames, not passwords by Anonymous Coward · · Score: 0

      I'm sure police would love if you could unlock everything with only involuntary brainwaves. Then they wouldn't even have to compel you to give up the info.

  8. Soon? Maybe someday; emphasis on maybe by Zero__Kelvin · · Score: 1

    I don't even want to know what goes on in someone's brain who can read about this research and can conclude that it will replace passwords anytime soon. For one thing the mind changes over time so we don't even have reason to believe that this unique response will remain static over time. Then there is the issue of industry adoption, not to mention the minor detail of needing to strap electrodes to your head connected to what is no doubt bulky and expensive hardware.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    1. Re:Soon? Maybe someday; emphasis on maybe by iMadeGhostzilla · · Score: 1

      Eh we all hope to have the maximum impact on the world so we amp up the significance of what we do.

      But I wonder if it's always been like that, and whether people were at other times more realistic about their role in the world. Maybe it's the internet that's stimulating this distortion.

    2. Re:Soon? Maybe someday; emphasis on maybe by RespekMyAthorati · · Score: 1

      I suppose it could be useful for extreme high-security situations such as for access to military installations.

  9. Soon replace? by Oswald+McWeany · · Score: 3, Insightful

    My main disagreement with this article is over the word "soon".

    --
    "That's the way to do it" - Punch
    1. Re:Soon replace? by jfdavis668 · · Score: 1

      Soon...

    2. Re:Soon replace? by sacrilicious · · Score: 1

      Prediction: Won't happen, ever.

      --
      - First they ignore you, then they laugh at you, then ???, then profit.
  10. Hungover by Anonymous Coward · · Score: 2, Funny

    Will it work hungover?

    Drunks everywhere need to know.

    I suppose it could be a fail-safe to not work drunk or hungover.

    1. Re:Hungover by sheramil · · Score: 1

      Do you really want to be operating your phone or computer if you're that drunk?

    2. Re:Hungover by Anonymous Coward · · Score: 0

      Not it wont, but this is a good thing, no more drunk postings!

  11. "Soon" ??? by QuietLagoon · · Score: 1

    Soon? I figure this is years, if not longer, before brain waves replace passwords entirely. It's another case of things looking best before they have to be widely used. Unfounded optimism abounds.

  12. Bull by Anonymous Coward · · Score: 1

    Bullllshiiiiiiiiiiiiiiiiit.

  13. Replace with Gravitational Waves by jfdavis668 · · Score: 1

    So your system unlocks when you walk up to it.

    1. Re:Replace with Gravitational Waves by Anonymous Coward · · Score: 0

      Only Americans produce gravity waves strong enough to detect.

    2. Re:Replace with Gravitational Waves by jfdavis668 · · Score: 1

      That will keep out Chinese and Russian hackers.

  14. Another alt-rightie tries to silence others by Anonymous Coward · · Score: -1

    Look at the NPC. It's almost like they don't have any other response to a story, except ORANGE MAN BAD.

    Look at the Alt-Rightie. It's almost like he's trying to completely dehumanize another poster ("NPC?" Really? That's the best you can do?) for having the audacity of making a humorous quip that reflects badly on his Orange God.

    1. Re:Another alt-rightie tries to silence others by Mashiki · · Score: 1, Insightful

      It's almost like he's trying to completely dehumanize

      Sorry, you don't get to play this game. After the last decade of labeling people sexists, racists, misogynists, homophobes, transphobes, race traitors, uncle toms, house ni**ers, xenophobes, red necks, country hicks, and of course nazi's.

      I hope you enjoy the rule set you've created. Or maybe it's because the NPC meme just strikes too close to home, and you know you're simply spouting garbage, devaluing words, and simply don't care. Somethingsomething groupthink.

      --
      Om, nomnomnom...
    2. Re:Another alt-rightie tries to silence others by Anonymous Coward · · Score: -1

      Not OP, but really, what does everyone have against Trump? I don't find him offensive, and he's not even my guy. I voted for him to vote against HC. Both are not right for this country. Where are the Eisenhowers and Churchills these days? I'm a conservative, but there is not one person in the current administration that supports my views. Not one. None of them are true conservatives. Not a one. I seem to vote in vain these days. Kudos to Brazil for electing someone who will actually get something done down there.

    3. Re:Another alt-rightie tries to silence others by taustin · · Score: 0

      The left (especially the party leadership for the Democrats) are acting more and more like they're building an extremist cult. They act increasingly deranged and disconnected from reality, and set increasingly insane and impossible goals. This is a necessary step to create a cult; it isolates the membership from the mainstream, to keep them from seeing how deranged their leadership is, and how deranged they, themselves are becoming. I suspect the party leadership has realized how screwed they are, and are just digging in, and trying to keep the money flowing in.

      It's like the DNC is using Eric Hoffer's The True Believer as an instructional manual.

    4. Re:Another alt-rightie tries to silence others by Anonymous Coward · · Score: 0

      It doesn't strike close to home. The brainwashed far-right has gone fascist. You're looking at fascism from the inside, as decent people look on in horror.

    5. Re:Another alt-rightie tries to silence others by illumina+us · · Score: 1, Troll

      What are you talking about? Let's just compare/contrast the last two leaders (and for this purpose we are going to say POTUS) of the DNC and GOP. Just pick two random speeches; any two. Please tell me which one you think is deranged. I'm getting really sick of this tribal mentality nonsense. We don't discuss issues anymore. Politics has degraded into the equivalent of WWE smack talk.

      --
      -illumina+us "I put on my robe and wizard hat..."
    6. Re:Another alt-rightie tries to silence others by reboot246 · · Score: 0

      Compare Obama's 2005 Senate speech on immigration and any of Trump's speeches on immigration. They agree 100%, but since 2005 one of them has changed his position. If Obama gave the same speech today, you'd all call him the same names that you call Trump, right?

    7. Re:Another alt-rightie tries to silence others by Ol+Olsoc · · Score: 1

      The left (especially the party leadership for the Democrats) are acting more and more like they're building an extremist cult.

      Says the guy who approves of the party of the MagaBomber.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    8. Re:Another alt-rightie tries to silence others by Anonymous Coward · · Score: 0

      You're a moron who hasn't actually done your proposed exercise, nazi faggot. You'd better get back to russia before we hang you traitors.

    9. Re:Another alt-rightie tries to silence others by Mashiki · · Score: 1

      Says the guy who approves of the party of the MagaBomber.

      You mean the guy who openly said he hated Trump. How's that reasoning working out for ya?

      --
      Om, nomnomnom...
    10. Re:Another alt-rightie tries to silence others by Anonymous Coward · · Score: 0

      They act increasingly deranged and disconnected from reality

      Such as?

      and set increasingly insane and impossible goals

      How's that wall coming along?

      it isolates the membership from the mainstream

      Yup, it's the Democrats and lefties who are saying that mainstream media is pushing fake news. Oh wait

      Oh, maybe you mean it's the lefties who are abandoning mainstream social media sites like facebook and twitter, trying to find havens in gab, the -chans, "the intellectual dark web", etc.... oh wait

      to keep them from seeing how deranged their leadership is

      Yeah, I totally see how on the Democrat side of things, there isn't a movement in Justice Democrats who are resisting their leadership which they call establishment or corporate democrats.

      All those times Sarah Sanders has to talk to the press and explain why their leader is totally fine and awesome and sane and there's nothing to worry about (but keep hating more on the left, it's all their fault, can't forget our daily two minutes of hate), she was talking about some lefty Democrat leader, and not the guy in the White House.

    11. Re:Another alt-rightie tries to silence others by Anonymous Coward · · Score: 0

      You mean the guy who openly said he hated Trump. How's that reasoning working out for ya?

      Well, using right wing reasoning, the guy obviously didn't mean it literally. Just like how when Trump said somebody about shooting people in broad daylight (and still get votes) or some kind of 2nd amendment solution, his fans insist he didn't mean that he literally wants to shoot people, or that he's inciting violence.

      So we can't assume the guy actually means it literally when he said he hates Trump.

      Then, we'll use the logic a recent right wing sweetheart, Jordan Peterson (I see him as the right's version of Anita Sarkeesian, multiplied by being one of them long time teachers/professors who spend more time in the ivory towers of schools than in the real world... probably what Justin Trudeau would have become if he stuck to his teaching career): the guy may say he hates Trump, but he is acting out as a Trump fan. (paraphrasing JP) You can't be a be non-believer in your actions you see. The guy acts like a Trump fan, with the van and choice of targets (which seemingly missed Trump, who he supposedly hates)

    12. Re:Another alt-rightie tries to silence others by Mashiki · · Score: 1

      You skipped psychology 101, and basics of human interactions in stressed environments. Try again without the word salad, and then back up assertions with fact, I'll wait for you to hit the brick wall in your reasoning.

      --
      Om, nomnomnom...
    13. Re:Another alt-rightie tries to silence others by Anonymous Coward · · Score: 0

      You skipped psychology 101

      My comment doesn't rely on psychology though. I'm just applying right wing reasoning which I've observed right wingers use.

      basics of human interactions in stressed environments

      That's... a nice word salad. Sounds like whatever you learn in psych 101 isn't that useful. Are you sure it wasn't a social justice course in disguise?

      Try again without the word salad

      What word salad? My post was barely high school level English. Methinks you're projecting, like your counterpart AmiMojo often does.

      back up assertions with fact

      Assertions? You asked a question about reasoning. I gave an answer. This isn't some argument or debate.

      But for what it's worth, I did provide facts. For your benefit, I'll type it again, and I'll type it slower this time so hopefully you won't miss it.

      It's a fact that when Trump says something that lefties take literally and be outraged, the right will defend him saying that you can't take Trump literally.

      It's a fact Jordan Peterson has risen in popularity among the right. It's a fact Peterson said that you can't be a non-believer in your actions.

      I'll wait for you to hit the brick wall in your reasoning.

      You'll have to wait a long time, since again, I'm just using right wing reasoning, and I see no signs of that slowing down.

      Or are you buying into the left's narrative that there's gonna be a blue wave in new couple of weeks?

  15. Another expensive solution to a solved problem by KalvinB · · Score: 1

    We've had key fobs for decades. Databases have been able to hold more than 8 characters for a password for decades. Any system that hashes the user's password doesn't actually care how long the password is since it's hashed down to a fixed length anyway.

    The problem is not making use of key fobs to allow per account passwords to be stored so you don't have to share passwords between accounts and those passwords should be a long string of random characters that never need to be typed in.

    With key fobs, the account provider could issue the password when you register instead of having the user pick one. Put in your email address, give access to the fob, the provider can write a single password to their account file on your fob, done.

    --
    Work Safe Porn
  16. Mashiki faggot can't handle a Trump reference, lol by Anonymous Coward · · Score: 0

    Check out the Republican Nazi losing his shit over a free speech joke about the government! What a traitor. Mashiki you should be run out of this country by white people soon, enjoy your advocacy nazi faggot apologist!

  17. My Brain is My Password. Verify Me. by bobstreo · · Score: 1

    I guess the something you have is your brain, the something you know is which selected piece of music, or a picture of your favorite porn star you chose to use.

    Seems pretty complicated and hard to save the info in your selected browsers password store,,,

  18. Mashiki faggot can't handle a Trump reference, lol by Anonymous Coward · · Score: -1

    Check out the Republican Nazi losing his shit over a free speech joke about the government! What a traitor. Mashiki you should be run out of this country by white people soon, enjoy your advocacy nazi faggot apologist!

  19. Basic requirements for access rights by quietwalker · · Score: 1

    I know not a lot of people have thought about this, but it's important. Passwords are one form of access rights. Keys are another. Heck, a secret handshake would be usable, if not entirely secure. The good ones though, they all have fundamental similarities:

    * They can be changed
        Someone lets the password slip? Loses a key? The enemy gets the launch codes? ... you need to be able to change it
    * They are reliable
        Ever get a drivers license that's valid 60% of the time?
    * They can be transferred/communicated
        Leaving a job and your replacement needs access? Sold your car and the new owner would like to drive it?
    * The correct form of access isn't easily accessible
        You don't tape the access code to the security door. You do use a key fob with a rotating access code. Etcetera, Etcetera.

    There's others, like auditing and such, but the thing is, biometrics fail on every one of these to some extent. Ever try to give someone else your fingerprints, or change them? Did you know that your fingerprints will subtly change over time - or quite quickly in some cases; ever burn your fingers on an iron? They're not changable (in a deliberate sense), reliable, communicable, and their very nature makes them relatively publicly accessible.

    They're not a replacement for passwords, and never will be, regardless of the level and sophistication of tech we arrive at. They're a way to provide convenience at the cost of security, like your amazon echo.

  20. Involuntary response by Anonymous Coward · · Score: 1

    So a dag guy can "force" you easily to use your password!

  21. Lead by Oligonicella · · Score: 1
    "Soon" only appears in the lead of the story. If Wenyao Xu Feng Lin or Zhanpeng Jin wrote it, they're idiots. If someone else did, *they're* idiots. Not from the tech, they promote that they can do it with a special hat with three sensors, from the world outside the lab. It's another of those "people need to change their basic habits to work" things, which won't happen (reference the dramatic adoption of Google Glass).

    Although I agree with others that their tests were "shallow", let us say, that's not what will kill it.

    FTA:

    Then the person would put on a soft comfortable hat or padded helmet with electrical sensors inside.

    "Soon" we'll be seeing soft hats or helmets hanging on the ATM to verify us. Oh, we have to buy our own? Right. Not gonna happen either way.

    1. Re:Lead by Gavagai80 · · Score: 2

      The writers of exaggerated unrealistic headlines that make everything sound like it'll change the world tomorrow are not idiots. They're paid to do exactly what they do, just like the "one weird trick" writers.

      --
      This space intentionally left blank
  22. Biometrics cannot replace secrets by SLOGEN · · Score: 1

    Biometrics cannot replace any secrets. They can, at best, be used to authenticate local presence in closed systems.

    "Authentication" via remote biometric measurement carries absolutely no guarantee that actual bio was involved and thus does not have any valid security properties.

    Such remote usage is *bad* both ways: An attacker can replay biometrics and a non-attacker cannot recover from biometric information copying,... ever!

    Think about that every time you show your fingerprint to random scanners. You are effectively giving away your (lifetime) biometric to the scanner so it can simulate it to the authentication software. It could choose to store and forward to others and pretend that your finger is there at will. You are effectively trusting *every* scanner not to do this.

    --
    SLOGEN [ http://ungdomshus.nu : Sebastian cover music]
    1. Re:Biometrics cannot replace secrets by mark-t · · Score: 1

      You can't fake somebody's brain though. And presenting a false hash of the expected brain to another machine to try and fake being somebody else would require compromising the target machine in the first place so that it wasn't going to do its own scanning, so you wouldn't just be able to arbitrarily pretend to be somebody else without literally making a duplicate of that person's brain.

      --
      File under 'M' for 'Manic ranting'
    2. Re:Biometrics cannot replace secrets by SLOGEN · · Score: 1

      I don't see a fundamental difference. You don't need to fake the brain, only the transmitted "measurements".

      My whole argument about biometrics security properties being tightly local is exactly the constraint needed to make an argument that you "would require compromising the target machine".

      "The sensors would record the persons brain waves. Just as when registering a fingerprint for an iPhones Touch ID, multiple readings would be needed to collect a complete initial record. Our research has confirmed that a combination of pictures like this would evoke brain wave readings that are unique to a particular person, and consistent from one login attempt to another." -- TFA

      This suggest that one would simply need such a "complete initial record" to pose as your brain. That would make sense as attackers and the "real" authenticator would then have the same information. You certainly don't want two different systems authenticating off the "complete initial record".

      Maybe some difference in information can be maintained in a secrecy of the images show in the "real" scenario, but it should be quite hard make that difference remain. At least some of it would leek every time you authenticate.

      For this to work, I think you would essentially need the brain to work as a cryptographic secure hash-function. Maybe it really does, but I think such a claim requires quite a bit more than "Our research has found that the new brain password would be very hard for attackers to figure out, even if they tried to use the old brainwave readings as an aid" and "demonstrated to provide 100% identification accuracy in a pool of 50 participants"

      --
      SLOGEN [ http://ungdomshus.nu : Sebastian cover music]
    3. Re:Biometrics cannot replace secrets by mark-t · · Score: 1

      You don't need to fake the brain, only the transmitted "measurements".

      Presumably, whatever is doing the transmitting is "trusted", and that's the thing you'd have to compromise.

      --
      File under 'M' for 'Manic ranting'
  23. Nosebleed all of a sudden. by Anonymous Coward · · Score: 0

    The computer is your friend.

  24. Biometrics Are Not Secrets by Anonymous Coward · · Score: 0

    Biometrics: Uses and Abuses

    Written by Bruce Schneier and published in August 1999; and now more relevant ever.

  25. Identification != authenticaion by 140Mandak262Jamuna · · Score: 2
    Brain waves, fingerprints, retinal scans, rectal scans too for that matter, are forms of identification that can identify someone.

    Signatures, passwords, digital certificates, rsa id pair, signet rings, seals etc are forms of authentication and approval. Do not confuse between the two.

    But.... Social security number, a form of identification is regularly misused and abused as authentication.

    Whats worse is a wide array of semi public info, information easily known to close family members like mother's maiden name or where someone went to school masquerades as authentication for password reset process.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Identification != authenticaion by Anonymous Coward · · Score: 0

      authentication for password reset process.

      This thing always annoyed me. In fact, it is pretty much the reason most sites got rid of password resets because retards and retarded questions.
      Every one of my password resets has themselves been a 2nd password!

  26. Drugs? by Anonymous Coward · · Score: 0

    The question is, will your login fail when you're high or drunk?

  27. Every time is reacts the same way? by Anonymous Coward · · Score: 0

    I seriously doubt that one's brains reacts the same way to a photo every time you look at it. On the extreme, the way my brains reacts to photos of Bill Cosby today would most likely be different that 15 years ago. On the less extreme, I also suspect the way a brain reacts to something probably varies to some degree depending on what mood they are in. A picture of an attractive person of the opposite sex is probably going induce a much different reactions for someone who just got laid vs someone who just got dumped.

  28. Quote "The Lawnmower Man"... apk by Anonymous Coward · · Score: 0

    See subject & Dr. Angelo (Pierce Brosnan) "ALTeRiNg BrAiNwAvE PaRaMeTeRs..." (begin brainstem injection) FROM https://www.youtube.com/watch?...

    * Had to do it...

    ("MIND OVER MATTER, Dr. Angelo - not a miracle - a FACT! It's NOT new - I realize nothing that we'rve been doing is new: We haven't been tapping into new areas of the brain. We've just been awakening the MOST ANCIENT. This technology is simply a route to powers that conjurers & alchemists knew CENTURIES ago. Human ract lost that knowledge & now I'm reclaiming it thru virtual reality. You realize Dr. Angelo that my intelligence has surpassed yours. & I can't allow your fear of what you don't understand to get in the way of this work..." - JOB/Jeff Fahey)

    APK

    P.S.=> I just watched it again last night is why... apk

    1. Re:Quote "The Lawnmower Man"... apk by Anonymous Coward · · Score: 0

      The APK chat bot is broken again, it is talking complete gibberish. Someone format the system and reload it fresh. This time don't train it on 4chan discussions.

    2. Re:Quote "The Lawnmower Man"... apk by Anonymous Coward · · Score: 0

      Just so everyone knows Dr. Angelo is what Alexander Peter Kowalski has named the jar of mayonnaise he keeps forgetting to put in the refrigerator. His posts, like the one above, are a clear sign of his continuing untreated debilitating mental illness.

  29. But remember,... by necro81 · · Score: 1

    When a person looks at a photograph or hears a piece of music, her brain responds in ways that researchers or medical professionals can measure with electrical sensors placed on her scalp

    But remember, you must think in Russian.

  30. Migraine? by Anonymous Coward · · Score: 0

    Or with a migraine.

  31. paid for By the FBI by Joe_Dragon · · Score: 2

    paid for By the FBI.

    All right jay we just going show up a lot of pic's till your phone unlocks. and I just checked showing pics does not need to have your attorney with you.

  32. NEVER. Brainwaves can't replace passwords. by gavron · · Score: 2

    Multiple factor authentication includes SOMETHING YOU HAVE (fob, fingerprint, retina, brainwaves, token) and SOMETHING YOU KNOW (PIN, password, passphrase, your mother's maiden name, etc.)

    The key to good authentication is to require all factors to be presented in order to authenticate. A brainwave is definitely something you have, and like a fingerprint, it's something someone else can sample to force you to authenticate against your will. Even if it becomes so sophisticated as to be able to "read your mind" thinking a specific word ("pink elephant") all it would take is the black-hat actor asking you to think about "pink elephant" and your mind would do so, thereby authenticating.

    Passwords, PINs, passphrases, challenges, etc. require us to ACTIVELY CHOOSE to authenticate. Law enforcement hates this. So do black-hat actors. Those of us who favor authentication love it.

    Brain waves will NEVER REPLACE PASSWORDS ENTIRELY soon or at any other time.

    Ehud

  33. Nope by LordHighExecutioner · · Score: 1

    Most of my coworkers would be unable to login...

  34. Umm, _secret_ password by holophrastic · · Score: 1

    So, anyone who shows me the photo gets my password? Sounds like every phisher's dream.

    Last I checked, access credentials need to be deniable -- no, you can't have my password/key/handshake. It's a secret.

  35. Here's Johnny! by Anonymous Coward · · Score: 0

    Mnemonic, that is.

  36. but brainwaves can change ... by Anonymous Coward · · Score: 0

    If you set my password to be a picture of my dear Aunt Bertha, it will generate happy thoughts.
    Whoops - Aunt Bertha died last week. Now we get a different set of thoughts.

    Set it to something like a favorite actor, say Bruce Willis. Happy thoughts.
    Whoops - I just watched "The Whole Ten Yards" last night. Bruce has now left the category of favorite actor.

  37. Quote Lawnmower man, again (so it sinks in) by Anonymous Coward · · Score: 0

    Especially to "your kind" the UNIDENTIFIABLE anonymous STALKERS of me: "You realize Dr. Angelo that my intelligence has surpassed yours & I can't allow your fear of what you don't understand to get in the way of this work" -> https://search.slashdot.org/co...

    * :)

    (Now get the F out of MY way, fool... lol!)

    APK

    P.S.=> You're the one 'trained on 4chan discussions' - you didn't even offer anything of value to MY post OR this discussion... apk

  38. What if you're not baseline? by Anonymous Coward · · Score: 0

    And blood-black nothingness began to spin
    A system of cells interlinked within
    Cells interlinked within cells interlinked
    Within one stem.

    And dreadfully distinct
    Against the dark, a tall white fountain played.

    Cells.
    Cells.
    Have you ever been in an institution Cells.
    Cells.
    Do they keep you in a cell? Cells.
    When you are not performing your duties do they keep you in a little box? Cells.
    Cells.
    Interlinked.
    Interlinked.

  39. Profit by Anonymous Coward · · Score: 0

    1. Identify key biometric data you want to harvest/monetize.
    2. Make that part of the authentication mechanism of some product.
    3. ???
    4. Profit!

    Fingerprints, iris of the eye, and now brainwaves. Maybe the next phone will have a tiny pin you can prick your finger with to get a blood sample.

  40. So you mean.... by Anonymous Coward · · Score: 0

    my voice is *NOT* my passport?

  41. Borderland Agents by Anonymous Coward · · Score: 0

    So you will have to spill your brain waves to border agents or declared terrorist.

  42. Identifier is not a password by Anonymous Coward · · Score: 1

    A password is NOT an identifier, it is an act of submitting something, voluntarily, with free will. A cut off index finger is NOT a password, nor is ANY biometric data.
    Biometric data can be replicated, whereas recalled memory you voluntarily submit is different, it is the sum of free will and identity.

  43. No, not with current laws. by Mal-2 · · Score: 1

    This transforms "what you know" into a shade of "who you are". Stay with passcodes and passwords. The legal system would love for us to all move to biometrics, so we can't "forget" and deny them access.

    --
    How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  44. Time for Americans to think like Russians. by geekymachoman · · Score: 1

    https://www.youtube.com/watch?...

  45. No They Wont. by Anonymous Coward · · Score: 0

    Stop lying /. America is more likely to experience food riots than brain logins by a factor of atleast 10.

    This site is so much garbage.

  46. Re:NEVER. Brainwaves can't replace passwords. by Anonymous Coward · · Score: 0

    I thought the three things you could choose from for multi-factor were:
    Something you have.
    Something you know.
    Something you are.

    I think this would qualify as that third one.

  47. Dear UNIDENTIFIABLE anonymous STALKER of me by Anonymous Coward · · Score: 0

    Everyone KNOWS you're just an UNIDENTIFIABLE anonymous STALKER of myself & an off-topic "ne'er-do-well" do-NOTHING zero.

    APK

    P.S.=> It's all you'll EVER be... apk

  48. "My brain? That's my second favorite organ!" by DutchUncle · · Score: 1

    Woody Allen, "Sleeper" https://www.youtube.com/watch?...

  49. No thanks by Anonymous Coward · · Score: 0

    No, thank you. If someone start treating me with a rubber hose, I rather give him my passwords and leave than being kept around because my head is my password.