Passthoughts? Brainwave-Based Passwords a Reality

Image credit: John Chuang, Neurosky

Sure, you already store your passwords in your brain and then punch them into your computer, but a group of computer scientists are thinking about cutting out that second step. A team at UC Berkeley's School of Information has been able to use brain waves to authenticate people.

Led by Professor John Chuang, the team at Berkeley used Neurosky's Mindset Brainwave sensor, a $200 headset with electrodes that can measure electroencephalograms (EEGs) or brainwave activity. (Neurosky is the same company that makes those brain-powered cat ears.) With the headset on and connected to a computer, the participants were asked to perform a range of mental tasks, including singing a song and counting objects of different colors.

Participants were also asked to repeatedly sing their favorite song or think of their favorite color, functioning as their own personalized thought password or "pass-thought." After collecting data over a number of weeks, Chuang found that the computer could accurately and consistently distinguish between brainwave patterns of the participants. Basically, one person's brain activity during certain tasks was different from another and the computer could tell that and verify that it was that person.

"We wanted to find out can we accurately authenticate users based on user brain waves, and the answer is yes, we were pretty good at that," Chuang told ABC News. He said that unique focused thoughts, say focusing on a favorite song or color, isn't necessary for authentication, just one's own pure thoughts and waves are enough.

RELATED: Move Cat Ears and Fly a Helicopter With Your Mind

"Unlike traditional passwords where people have their own passwords, that doesn't seem to be necessary in this case for brain waves," Chuang explained. While the team was able to differentiate between different users' waves and see that they were unique and consistent over time, the team didn't actually integrate the technology with any password-based systems, like e-mail or another web service.

"We implemented an algorithm, or an authentication protocol, and we demonstrated it, but we haven't actually integrated it with any systems," he said. But Chuang doesn't see the technology being applied to computer password systems.

"We don't see this as a replacement to traditional passwords in scenarios where we sit down in front of a computer. It is obviously easier for us to type in our passwords, but there are other scenarios that involve wearable computers, for example, Google Glass," he said. "In those scenarios, something that goes beyond typing in our password might become much more useful."