Could the humble password about to become a thing of the past? Here's how brainwaves are being used in the battle for cyber security

 
Sarah Spickernell
Follow Sarah
Brainprints remove the need to type in passwords (Source: Getty)

A new system allowing accounts to be unlocked using brainwaves could spell the end for passwords as we know them.

Named “brainprints”, the system is the creation of a research team at Binghamton University in New York, and involves an application that can identify a person based on nothing more than their mental reactions to different acronyms, like DVD or FBI.
The researchers first realised its promise when they analysed the brain signals of volunteers reacting to a list of different words, and found no two people gave the same response. The results are published in the journal Neurocomputing.


Each person reacts differently to a group of letters (Source: Jonathan Cohen)

The best part of this, besides allowing us to be lazy, is that it's much more secure than any normal password - it would be very hard for anyone to replicate someone's brain signals, and if they did manage it the system could be cancelled immediately.
Sarah Laszlo, one of the lead researchers involved in the study, said:
If someone's fingerprint is stolen, that person can't just grow a new finger to replace the compromised fingerprint – the fingerprint for that person is compromised forever. Fingerprints are 'non-cancellable'. Brainprints, on the other hand, are potentially cancellable. So, in the unlikely attackers were actually able to steal a brainprint from an authorised user, they could then 'reset' their brainprint.
Unfortunately, though, it's unlikely the system will be widely used for a long time - in fact, the defence sector is likely to be one of the first users. Zhanpeng Jin, another researcher involved, said:
We tend to see the applications of this system as being more along the lines of high-security physical locations, like the Pentagon or Air Force Labs, where there aren't that many users that are authorised to enter, and those users don't need to constantly be authorising the way that a consumer might need to authorise into their phone or computer.

Related articles