Keeping passwords secure is a constant battle. Managing dozens of passwords across accounts and devices can become confusing and frustrating. But what if your brain could give your passwords without you needing to remember any? That could soon become a reality.
Professors of Computer Science and Engineering at the University at Buffalo and the University of Colorado Denver have been developing ways to use brain activity in response to different stimuli in place of passwords.
Biometrics are becoming more prevalent in everyday technology to increase security and ease-of-access. Most high-end mobile phones entering the market now have fingerprint recognition for unlocking, and facial recognition is becoming more widespread. Similarly, Windows 10 has integrated support for biometric entry with Windows Hello.
On compatible devices, this can use fingerprint, iris or face scanning to identify the individual attempting to access the device. These methods are much more secure than standard passwords as they are individual and cannot be shared. However, the stored data could be used by criminals to access secure materials.
“You can’t grow a new fingerprint or iris if that information is divulged” – Wenyao Xu
Although, the issue with biometrics is that they are finite. There are only ten fingerprints per person, two irises and one face. If one of these become affected, then it is rendered useless. For example, if a database with employee’s fingerprint maps is compromised, then those employees can never use fingerprint access in professional or personal life through the possibility of the hackers being able to use the fingerprint details to access accounts. This is exactly what happened to 5.6 million federal employees in the USA in 2015.
In contrast, using brainwaves to replace passwords and biometrics is more secure but comes with the individualised benefits of biometric entry. When looking at an image, each person’s brain produces a certain reaction. This is unique for each individual but when looking at the image again, the individual will have the same subconscious response in the brain. Therefore, this response can be monitored and used as a personal passcode. The researchers have found that the more images used in sequence, the more secure the entry will be. They have developed a three-image system; an animal, a celebrity’s face and a short quote. With this, there are a huge number of possibilities for combinations of images, and with each person producing a different response the number of potential ‘passwords’ is endless.
By using EEG nodes to monitor brain activity, these unique patterns can be mapped and assigned to the individual. The team began experimenting with 32 sensors across the head, but gradually reduced the number to find the minimum which produces reliable results. They found that just three properly located sensors at the back of the head can be placed into a small hat or VR headband to unlock the data.
This process takes around 5 seconds to unlock, roughly the same time as entering a password or using a biometric system. The three images are shown in sequence and the sensors allow for an unlock if the response matches that of the one configured.
In the case of a cybersecurity breach where the details of these entries are stolen, the ‘password’ can be easily reset with a different set of three images. A different response will be recorded and used for future attempts by that individual to access the material.
This has the prospect of being applied to a wide range of uses. Not only for highly confidential data on a computer in an office, but in a portable way to be able to open restricted doors or use check-in terminals at airports or hospitals.
The expansion of the Internet of Things would also benefit immensely from this kind of technology. Devices would be able to show personalised settings based on the user, whether in the home, workplace or in public – due to the highly secure nature of the process. Corning’s prospect for the use of so-called ‘smart glass’ could couple with this technology to create personalised experiences.
Critics have raised concerns for the security of this brainwave monitoring, with issues of the possibility of ‘reading thoughts’. However, the research team have dismissed those reservations. The three EEG electrodes places on the head are non-invasive and do not cause pain. In these locations they simply measure the electrical signals emitted by the brain in response to the images.
Although this technology is not yet available for everyday use, you can still secure your data with strong passwords. Click the button to see our top tips for ensuring maximum security on all logins.
SeaBro IT can work with your business to secure your files. By creating a secure network, your data will be at a much lower risk of attack from hackers. Get in touch to find out how we can help you.