Could "brainprints" replace passwords, fingerprints and retinal scans?
Passwords are the bane of many a computeruser's existence. Experts recommend long strings of characters containing a mixof upper and lowercase letters, numbers and symbols that may be difficult tocrack, but can also be difficult to remember. Despite there being simpletechniques for creating difficult-to-crack passwords that are easy to remember andhorror stories of identify theft abound, the top two most common passwords remain "12345"and "password". But a study out of Binghampton University (BU) in NewYork suggests brainwaves could be a promising alternative to verify a user'sidentity.
Researchers at BU read a list of 75acronyms, such as FBI and DVD, to 45 volunteers and observed the brainwavesthat resulted from each group of letters, focusing on the part of the brainassociated with reading and recognizing words. This was done with the placementof just three electrodes on the scalp, which is the minimum number that can beused and still obtain a clean reading.
While each respondent's brainwaves exhibitedidentifiable features that were consistent in response to a given acronym, thereactions – or "brainprints" – were different enough betweenrespondents to allow a computer system to identify each volunteer with an accuracyof 94 percent. These results were also stable over time, with identificationpossible after a lag of up to six months.
Sarah Laszlo, assistant professor ofpsychology and linguistics at BU and study co-author, says that brainbiometrics offer a number of advantages over other physical characteristicsused for biometrics, such as fingerprints or retinas. For example, both ofthese can be stolen by malicious means, rendering them unusable by the user since they can't be replaced.
"Ifsomeone's fingerprint is stolen, that person can't just grow a new finger toreplace the compromised fingerprint – the fingerprint for that person iscompromised forever," points out Laszlo. "Fingerprints are'non-cancellable.' Brainprints, on the other hand, are potentiallycancellable. So, in the unlikely event that attackers were actually able tosteal a brainprint from an authorized user, the authorized user could then'reset' their brainprint."
Whilethe researchers don't see brainprints as a potential replacement for passwordsfor low security applications in the near future – after all, who wants to hookthemselves up to an electroencephalograph (EEG) just to log into their email –they do see the technology having potential in high security environments.
"Wetend to see the applications of this system as being more along the lines ofhigh-security physical locations, like the Pentagon or Air Force Labs, wherethere aren't that many users that are authorized to enter, and those usersdon't need to constantly be authorizing the way that a consumer might need toauthorize into their phone or computer," says Zhanpeng Jin, assistantprofessor at Binghamton University’s departments of Electrical and ComputerEngineering, and Biomedical Engineering.
Theteam's study appears in the journal Neurocomputing.