How your next password could be your brain

brain-padlock-1200

brain-padlock-550It’s time to put another body part through the biometrics wringer in the ongoing quest to replace passwords.

This time, it’s your brain.

Specifically, researchers have been looking at how your brain responds to certain acronyms.

According to New Scientist, researchers found that volunteers’ brains had a reaction to each of 75 acronyms (e.g., FBI, DVD) in a way that was unique to each individual.

The difference between the volunteers’ brain reactions was enough for the system to pinpoint their identities with accuracy of up to 97%.

The study, from Neurocomputing, is titled – appropriately enough – Brainprint.

The work was done by a group of researchers from the Basque Center for Cognition and Binghamton University.

This isn’t the first time that unique brain activity has been looked at as a potential authentication factor.

Back in 2007, for example, scientists were looking at identifying people via unique patterns of brain activity.

The thing is, brains are full of noise that makes it tough to pick up clean measurements.

The Basque and Binghamton team has addressed the issue by focusing on brainwaves from one particular region of the brain that’s associated with the task of reading and recognising words, producing a clearer signal that can be measured more quickly.

There are various types of memories: episodic memories that record experience, and semantic memories that simply record word meanings.

Semantic memories are subtly different for each of us, making them potentially useful for authentication. As well, they don’t tend to change much over time, as opposed to episodic memories.

New Scientist gives the example of the word “bee.”

If you’re stung, episodic memory neurons that fire when you next read the word will change to accommodate your experience, though your semantic memory of the meaning of the word “bee” isn’t believed to change substantially.

Will the brainprint be potentially useful in authentication?

Maybe, but only after the researchers come up with a more convenient and comfortable way to access the information, given that the high degree of labeling accuracy was achieved with the use of three electrodes on the volunteers’ scalps: what the researchers said was the minimal possible number to acquire clean data.

Naked Security recently looked at something similar, though not brainprints per se: In January, researchers at the US military’s elite West Point military academy were awarded a multimillion dollar contract to produce a new identity verification system based on users’ behaviour.

Authentication has traditionally relied on users producing one or more of the following: something you know (such as a passwords or PIN), something you have (such as a number from an RSA key) or something you are (such as your fingerprints or face.)

The technology that West Point is working on, behaviour-based biometrics, adds another factor to the mix: something you do.

Transparent, behaviour-based biometrics – or a “cognitive fingerprint” – could provide the nudge that’s needed to push biometrics into the mainstream.

Brainprints also show promise, albeit with a) an inconvenient need to wire scalps, and b) an accuracy rate that the researchers describe as a good starting point, but not the kind of accuracy you’d want to have protecting a roomful of secrets.

In fact, the researchers’ accuracy rates are currently far less than achieved when scanning a fingerprint or an iris, according to biometrics expert Kevin Bowyer, of the University of Notre Dame in Indiana.

In addition, both brainprints and cognitive fingerprints have major obstacles to overcome before we see them seriously challenge the wheezy old standby of passwords.

The first is that you can’t change your biometrics. So what do you do if you’re compromised?

Still, they may point the way to a future without passwords.

After all, both cognitive fingerprints and brainprints offer the promise of continuous authentication, which is a marked improvement over the periodic authentication provided by logging on using a password or a iris.


Image of brain and padlock courtesy of Shutterstock.