Forgetting a password could become a thing of the past according to the ZDNet article Brainwaves as Passwords; Secure and Near-Reality. John Fontana at Identity Matters says the technology to do so could be here as early as June 2013. Interaxon, which develops thought-controlled computing, is releasing the Muse headband sensor device that is designed to use brainwaves to login.
Brainwave sensors
The slim plastic Muse headband fits against a person’s forehead and slips over the ears. The band houses four brainwave sensors. There are not any authentication applications that work with Interaxon’s Muse headband yet. The article notes that the company has a software developer’s kit (SDK) for anyone who wants to do it. However, company CEO Ariel Garten says such an app is reasonable and possible.
“The user could create a specific brainwave signature or a password they would never have to say out loud or type into a computer,” said Ms. Garten, who spoke at the Blur Conference in Broomfield, CO. According to Mr. Fontana the CEO demonstrated thought-controlled applications and the Muse headband.
Brainwave login passwords
While brainwave passwords might conjuror up thoughts of being snatched off the street and having a brain drain, Ms. Garten said the technology isn’t mind reading. “People might think the government can read their pin number, but we can’t read your thoughts or images in your head.” Muse, which talks to devices via Bluetooth, is an electroencephalograph (EEG) that records brainwaves and reads the brain’s overall pattern of activity to detect certain states such as relaxed or alert explains the article.
The brainwaves are turned into binary data and the translated waves are used to control anything electric. Users can learn to manipulate brainwave patterns, like flexing muscles. “This builds your brain like doing bench press reps in the gym, Ms. Garten claims.
Applications that run on smartphones, tablets, or laptops can be controlled with the mind according to the article. Ms. Garten believes the technology is set to take off, she is quoted in the article, “In 25 years, interacting with technology using your mind will be as ubiquitous as a gesture is today.”
rb-
This seems like a cool idea, maybe Sony or Nintendo will take it over. This is not a panacea for passwords.
With the small real-world experience with biometrics in the enterprise (Thinkpad T61p laptop) it worked adequately for local machine access, but what about when you have to scale this to 10s of thousands of users? Just imagine the HR issues involved with obtaining employee’s fingerprints or as the article suggests brainwaves.
In my environment, where I think biometrics makes sense, there is all the political baggage that comes with biometrics and children and the anti-education, anti-efficiency, and religious groups. I wrote here about a Texas school distinct facing the wrath of these groups for RFID cards, not biometrics.
Then there are the technical issues with any password (character string or biometric) system. The hashed password or brainwave needs to be stored somewhere in binary form. If your AD is compromised you still have a problem.
swilson, one of the commenters at ZDNet wrote: “all biometrics are the same! It doesn’t matter what trait they come up with, the same core biometric challenges remain. The challenges he sees are:
- How to stop replay attacks?
- How to secure centrally stored templates that are needed to support ‘federated’ biometric access control from multiple points?
- What is the real-world sensitivity/specificity trade-off i.e. quantified False Positive and False Negative Error Rates? Knowing a bit about brain physiology, I am very skeptical that anyone can measure a highly distinctive brain wave with better than 90-95% accuracy.
- Most basic problem: revokeability. What’s to be done in the event of a compromise, when you cannot cancel and reissue a brain wave, or fingerprint, or iris, or genome?”
Related articles
-
- This Startup Lets You Pull A Beer Tap… Hands-Free! (alleywatch.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.