×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Passthoughts, Not Passwords: Authentication Via Brainwaves

samzenpus posted 1 year,9 days | from the get-your-thinking-straight dept.

Security 104

CowboyRobot writes "A new study by researchers from the U.C. Berkeley School of Information examined the brainwave signals of individuals performing specific actions to see if they can be consistently matched to the right individual. To measure the subjects' brainwaves, the team utilized the NeuroSky Mindset, a Bluetooth headset that records Electroencephalographic (EEG) activity. In the end, the team was able to match the brainwave signals with 99% accuracy (pdf). 'We are not trying to trace back from a brainwave signal to a specific person,' explains Prof. John Chuang, who led the team. 'That would be a much more difficult problem. Rather, our task is to determine if a presented brainwave signal matches the brainwave signals previously submitted by the user when they were setting up their pass-thought.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

104 comments

Walk by lockouts (5, Funny)

jbmartin6 (1232050) | 1 year,9 days | (#43451175)

Great, now anyone walking by can lock out my account with failed auth attempts

Re:Walk by lockouts (4, Funny)

ByOhTek (1181381) | 1 year,9 days | (#43451209)

I'm more worried about them realizing I'm not human, from my brain waves. I don't want to go back to my homeworld! Also, how much testing did they do to ensure there aren't issues with emotional state or distraction? If I had a family even and was stuck listening to Beyonce or Katy Perry thanks to my sister's atrocious taste in "music"... Is having that crap stuck in my head going to prevent a login?

Re:Walk by lockouts (1)

Chrisq (894406) | 1 year,9 days | (#43451263)

I'm more worried about them realizing I'm not human, from my brain waves. I don't want to go back to my homeworld!

Ask the captain for the brainwave spoofing kit

Re:Walk by lockouts (-1)

Anonymous Coward | 1 year,9 days | (#43451287)

I'm more worried about them realizing I'm not human, from my brain waves.

Not your fault you were born a nigger. You still suck ass, but that's not your fault. Now go be a gangsta or get some welfare or abandon your kids to a single mother with a shitty attitude.

I don't want to go back to my homeworld!

Yes it is actually called the Third World. It is the very best blacks could do without being governed by whites. History proves it, just look at Haiti. Didn't go to shit until after control was handed to the darkies. Ah well. No welfare for you if you go there.

Re:Walk by lockouts (1)

Yakasha (42321) | 1 year,9 days | (#43453147)

I'm more worried about them realizing I'm not human, from my brain waves.

Not your fault you were born a nigger. You still suck ass, but that's not your fault. Now go be a gangsta or get some welfare or abandon your kids to a single mother with a shitty attitude.

I don't want to go back to my homeworld!

Yes it is actually called the Third World. It is the very best blacks could do without being governed by whites. History proves it, just look at Haiti. Didn't go to shit until after control was handed to the darkies. Ah well. No welfare for you if you go there.

w
t
f

Gary Busey?

Re:Walk by lockouts (0)

Anonymous Coward | 1 year,9 days | (#43453453)

Multi-factor authentication is better, IMO, than fancy other kinds of passwords. This also makes the crackability of a password less important.

Re:Walk by lockouts (1)

Anonymous Coward | 1 year,9 days | (#43451511)

On the plus side, this method prevents drunk dialing/texting with no additional work - unlocking your phone with all them boozy thoughts will be impossible.

Re:Walk by lockouts (1)

skids (119237) | 1 year,9 days | (#43452071)

The big plus side of this is that when Hans Gruber wants to get access to your system, he has to keep you alive, rather than cut off your hand and/or eyeball.

Re:Walk by lockouts (1)

Dunbal (464142) | 1 year,9 days | (#43453145)

Unless your pass-thought was created while you were drunk, too. In which case the challenge will be exactly how many drinks did you have. Failed attempt - have another drink!

thoughtcrime is comeing (1)

Anonymous Coward | 1 year,9 days | (#43451191)

thoughtcrime is comeing

Talk about forgetting your password! (5, Insightful)

Shavano (2541114) | 1 year,9 days | (#43451199)

"I thought my passthought. But maybe I didn't think it the right way. Let me try again..."

Just what we need, an even more complicated and harder to use apparatus with a reduced probability of correctly identifying the right user.

Since when is "works correctly 99% of the time" good enough for an authentication system?

Re:Talk about forgetting your password! (3, Interesting)

ByOhTek (1181381) | 1 year,9 days | (#43451339)

Since when is "works correctly 99% of the time" good enough for an authentication system?

And how often do you mistype your password? I doubt many get their password right even 90% of the time unless they have rather bad passwords.

Also, there's false positive vs. false negative. False negatives aren't so bad (especially at 1%, when retries are possible). False positives are what are really of concern.

Re:Talk about forgetting your password! (3, Insightful)

Immerman (2627577) | 1 year,9 days | (#43452327)

Indeed, though a 1% false-positive rate would still make for a really lousy attack vector for anyone with serious intent - you're unlikley to get past it for the first time when it matters, and unlike a password which stays compromised until changed which allows a leisurely preparatory attack, slipping through on a false positive probably won't reliably let you through a second time when it counts. Not something you'd want as the only layer of defense protecting your top secret documents, but a significant improvement over passwords. A huge advantage for most applications would be that it makes the security system immune to attack via social engineering, probably the single most successful attack vector in the world, as well as "security degredation by convenience" where people share around passwords for accounts with access to resources that are supposed to be restricted.

Might also be very viable as part of a multi-factor authentication system, the pass-thought is already a two-factor system (thought + brain), adding a third factor with higher reliability would likely push the security beyond almost everything currently in use.

Re:Talk about forgetting your password! (4, Interesting)

jouassou (1854178) | 1 year,9 days | (#43451385)

Since when is "works correctly 99% of the time" good enough for an authentication system?

It isn't. But it is an interesting proof-of-concept, which shows that using passthoughts as identification is actually possible.

One interesting thought would be to combine passthoughts with other authentication technologies. Imagine walking up to a door that first performs face recognition and retina scans to determine who you appear to be. The system then accesses a database of passphrases associated with your user, displays a random one on a screen, and asks you to read it out loud. The system then uses a combination of voice recognition and brainwave scans to check if you're really who you appear to be.

Although all these technologies currently have suboptimal success rates, they might yield good security if you combine them.

Re:Talk about forgetting your password! (0)

Anonymous Coward | 1 year,9 days | (#43452647)

OK,

I'll say this once so try to keep up.

Biometrics are only useful as a replacement for a user ID. Not for a password.

Why you ask? Because you can't easily change them. This means that if it becomes posible to spoof the system (which is likely as to date every biometric system has been trivially spoofed), a compromised database means you're now unable to secure any other accounts, and unable to revoke access to the compromised account. It's the same thing that's wrong with using a SSN for a password.

This is why passwords and physical keys work. They can be changed when they become compromised, and you (can) use a different one for every lock.

The end result is that no matter how many layers of biometric screening you do, you still ultimately have to have a revokable key to fall back on for when your biometric profile gets leaked. Thus you still need to type in your damn password.

Given that, there is very little value in layering biomentric systems.

Re:Talk about forgetting your password! (1)

Dunbal (464142) | 1 year,9 days | (#43453167)

I think the concept you are missing is that at one point, user ID and password will eventually be merged into one.

Re:Talk about forgetting your password! (2)

mjr167 (2477430) | 1 year,9 days | (#43453273)

No, I think that is his point. And that it's a bad idea. If the user id is the password, you have the same problem you have with credit cards and SSNs. Acquiring a user's ID should not be enough to authenticate the user. The ID just identifies the user and can be used by people that need to refer to the user. You need something else to authenticate. Knowing my name shouldn't authenticate as me. Neither should having my fingers or my eyes.

The idea to use the biometrics to identify the user and the pass-thought to authenticate might accomplish this, and you still separate ID and authentication.

Re:Talk about forgetting your password! (4, Insightful)

David_Hart (1184661) | 1 year,9 days | (#43451487)

"I thought my passthought. But maybe I didn't think it the right way. Let me try again..."

Just what we need, an even more complicated and harder to use apparatus with a reduced probability of correctly identifying the right user.

Since when is "works correctly 99% of the time" good enough for an authentication system?

And what happens to the success rate if your brain chemistry and/or thought patterns change?

We know that changes take place in the brain during puberty, pregnancy, when in love, stress, medical conditions, etc. I'm curious if their testing included these scenarios. Granted, it would prevent drive-by tweeting if people would have to calm down before they could login... (grin)

Re:Talk about forgetting your password! (2)

gnapster (1401889) | 1 year,9 days | (#43451969)

Granted, it would prevent drive-by tweeting if people would have to calm down before they could login... (grin)

I plan to set my passthought while browsing Reddit, so the only tweets I can send are drive-byes.

Re:Talk about forgetting your password! (2)

Kongming (448396) | 1 year,9 days | (#43452001)

I don't think that would be a concern, on account of the fact that they are probably relying mainly upon information that is not really "brain waves".

The headset supposedly uses both EEG (brain waves) and EMG (electrical activity from muscle firing). However, measuring the electrical activity of neurons (very small and very weak) with any kind of specificity by using electrodes placed on the other side of the skull and other protective tissue is... let us just call it "nontrivial". EMG signals are much stronger.

From the paper:

"In particular, personalized mental tasks (e.g., sing their favorite song silently, focus on their personal pass-thought) do not produce higher signal similarity or authentication accuracy over mental tasks that are common to all subjects (e.g., close eyes and focus on breathing)."

Similarly, this discussion [bci2000.org] includes a comment by someone who claims to have developed for the platform, "IMHO, the NeuroSky devices which are currently on the market exist mostly to record EMG from the forehead."

The paper does not mention EMG. Perhaps they are are specifically avoiding making use of EMG information from the headset, although they do not mention any such technique in the paper. Personally, I would wager that unless you have significant changes to the musculature of your face and scalp or suffer new large-scale brain damage or other abnormalities, your "password" would not be terribly likely to change.

first thought (0)

Anonymous Coward | 1 year,9 days | (#43451201)

You must think in Russian...you cannot think in English and transpose...you must think in Russian.

Why this is idiotic (1)

slashmydots (2189826) | 1 year,9 days | (#43451277)

So first we had passwords. Then they invented fingerprint readers so now everyone can log in with either a fingerprint or a password as a backup in case the fingerprint reader doesn't work. Obviously 2 ways of getting into a system is MUCH more secure. Same here. I bet this will be backed by a password.

Re:Why this is idiotic (0)

Anonymous Coward | 1 year,9 days | (#43451353)

Did your post actually say anything?

captcha:blabbing

Re:Why this is idiotic (0)

Anonymous Coward | 1 year,9 days | (#43453959)

More than yours... and in turn, mine...

Re:Why this is idiotic (1)

BlindMaster (2262842) | 1 year,9 days | (#43451383)

Furthermore, it requires an "action" to be performed. I hope that action is convenience to do in public, plus doing it quick.

However, I suppose this is the first step of "reading" data from the brain. By collecting enough data, we may actually understand individual (hint for Google). If we actually can understand living things by brainwave, it can replace password as a way to recognize people (I suppose this is how we "know" others by understanding their ways of doing things).

Re:Why this is idiotic (1)

gnapster (1401889) | 1 year,9 days | (#43452027)

This reminds me of the film Minority Report; retinas at-a-distance are quick and convenient in public. One of the concerns about eyeballs and fingers is that if someone wants to impersonate me is to forcibly take them. (xkcd #538 with knives, not wrenches.) Am I safe with brainwaves? Does that de-escalate it from knife back down to wrench?

Re:Why this is idiotic (1)

Immerman (2627577) | 1 year,9 days | (#43452397)

Even better - it's something that can't be taken (knife-proof) and also can't be given (resistant to rubber hoses, social engineering, and lax security practices). Since it depends on the way *your* brain manifests the thought, you personally have to be present in order to get past the system, which complicates many attack scenarios. And all in all I'd rather be kidnapped than have an eye/finger/etc stolen, if anything I suspect my chances of survival are moderately better, not to mention I come out of the ordeal in one piece.

Re:Why this is idiotic (2)

JaredOfEuropa (526365) | 1 year,9 days | (#43452779)

That depends. On the one hand, if you're kidnapped, your brain might react differently under duress and the system would reject your logon attempt (and hopefully the kidnappers know that!). On the other hand, somewhere in the authentication chain, your brain waves are converted into electronic signals and at that point they could be "skimmed" and replayed, so it doesn't replace 2 factor authentication.

Re:Why this is idiotic (1)

Immerman (2627577) | 1 year,9 days | (#43454727)

>skimmed and replayed
That completely depends on physical security of the input device. Trying to "replay" a brain pattern into something designed to read it directly from a brain will likely be at least as difficult as tricking any other biometric device, but certainly if you can bypass the scanner by using your own replay device it should be easy enough, which goes the same for any biometric scanner - a fake retinal scanner is no doubt likewise much easier to make than a fake eye.

Re:Why this is idiotic (0)

Anonymous Coward | 1 year,9 days | (#43455035)

Furthermore, it requires an "action" to be performed. I hope that action is convenience to do in public, plus doing it quick.

I put on my Robe and Wizard Hat...

Re:Why this is idiotic (0)

Anonymous Coward | 1 year,9 days | (#43453703)

So this system is "idiotic" because of reasons that have nothing to do with the system itself and everything to do with implementation practices that apply equally to any other type of authentication mechanism?

You really are a special kind of stupid.

Escalator to hell (0)

Anonymous Coward | 1 year,9 days | (#43451279)

1. To by-pass fingerprint auth: chop off hand of victim
2. To by-pass retina auth: pluck out eye
3. To by-pass brainwave auth: chop off head

As for item 3, wasn't this already written somewjhere in some american classic sci-fi, maybe Heinlein?

Re:Escalator to hell (1)

kaizendojo (956951) | 1 year,9 days | (#43451423)

It would be very difficult to hack a brainwave interface with a brain dead head.

Re:Escalator to hell (0)

Anonymous Coward | 1 year,9 days | (#43451661)

Spoken like a true BOFH.

Who cares that they chop off the heads of our users, as long as they aren't getting into the system.

Because a computer is worth more than a human life.

Re:Escalator to hell (1)

Maxwell'sSilverLART (596756) | 1 year,9 days | (#43454335)

Spoken like a true BOFH.

Who cares that they chop off the heads of our users, as long as they aren't getting into the system.

Because a computer is worth more than a human life.

Objection! Assumes facts not in evidence!

OP clearly said "users."

Re:Escalator to hell (3, Interesting)

Errol backfiring (1280012) | 1 year,9 days | (#43451775)

But it might be quite easy with a live head. If you can intercept the signal, you can reproduce it. And intercepting a bluetooth signal should not be that hard. The problem is that it takes some "middle man hardware" to get the brainwaves into the computer. And middlemen can be a lot easier to fake. It is a bit like voice recognition: the voice may be personal and unique (or personal and unique enough), but recording a voice and playing it back is dead easy.

Re:Escalator to hell (1)

radtea (464814) | 1 year,9 days | (#43452979)

It is a bit like voice recognition: the voice may be personal and unique (or personal and unique enough), but recording a voice and playing it back is dead easy.

And yet people remain fascinated with these unchangable, non-repudiatable, easily spoofed means of biometric identification. I really don't get it.

Re:Escalator to hell (1)

lister king of smeg (2481612) | 1 year,9 days | (#43454235)

well they could encrypt the data being transmitted by the wireless headset and have the key change over time to prevent record and playback attacks, or just hardwire it.

Re:Escalator to hell (1)

andrewbaldwin (442273) | 1 year,9 days | (#43452073)

It would be very difficult to hack a brainwave interface with a brain dead head.

perfect!
... keeps your system safe from managers :-)

Thoughts and the associated brainwaves static? (0)

Anonymous Coward | 1 year,9 days | (#43451297)

Or do they both change over time? For example, will the thought of the word anal be the same before and after having anal sex for the first time? I doubt it, my thoughts changed pretty dramatic.

Re:Thoughts and the associated brainwaves static? (0)

Anonymous Coward | 1 year,9 days | (#43451325)

Just hearing your cell-mate say, "Grab your ankles" would do it.

Open Sesame? (1)

Anonymous Coward | 1 year,9 days | (#43451301)

What If you make a happy thought of your girlfriend and then breakup with her? You can't form that joyful thought anymore, can you still unlock it afterwards?

Re:Open Sesame? (0)

Anonymous Coward | 1 year,9 days | (#43451689)

What If you make a happy thought of your girlfriend and then breakup with her? You can't form that joyful thought anymore, can you still unlock it afterwards?

That's one of the fringe benefits of being an ex. You can think of "happy thoughts" with your ex at any time.

Worse than having your account hacked (0)

Anonymous Coward | 1 year,9 days | (#43451309)

Would be to be kidnapped and ordered at gunpoint to open your account so it could be hacked. That's an area of concern for these biometric schemes.

Helpdesk Request #65398 (3, Insightful)

Rob Riggs (6418) | 1 year,9 days | (#43451313)

Helpdesk,

I need help logging in. I have a migraine and can't get my passthought right. Can you send up two aspirin tablets.

Thanks

Think happy thoughts (3, Funny)

mwvdlee (775178) | 1 year,9 days | (#43451321)

So now every time I want to gain access I have to think the same thing I thought when I first entered the passthought.
"Okay, no thinking of naked girls now, anything but naked girls. Betty White! Yes, Betty White completely dressed, dressed in sexy lingerie... oh god, not that either, that's horri*".
"thank you, passthough recorded".

Re:Think happy thoughts (1)

Culture20 (968837) | 1 year,9 days | (#43451739)

Yes, but they can't figure out what you were thinking, only the pattern it creates for the brain scan. It's like a salted and hashed passphrase from the perspective of the brain scanner You could even tell someone else what to think, but the hashing algorithm (your physical brain) is an extra secret they can't replicate. ..for the time being.

Re:Think happy thoughts (1)

lister king of smeg (2481612) | 1 year,9 days | (#43454311)

Yes, but they can't figure out what you were thinking, only the pattern it creates for the brain scan. It's like a salted and hashed passphrase from the perspective of the brain scanner You could even tell someone else what to think, but the hashing algorithm (your physical brain) is an extra secret they can't replicate. ..for the time being.

I would not be so sure about that, they are getting closer to being able to reconstruct an image from thought with fmri,
http://www.popsci.com/science/article/2011-09/mind-reading-tech-reconstructs-videos-brain-images [popsci.com]

Not ready for prime time (0)

Anonymous Coward | 1 year,9 days | (#43451331)

I don't want to carry another device to attach to my notebook, small computer, or iWatch. When they get it to work with out an accessory I'll consider it. It shouldn't be too hard; for many years my wife has been only too willing to tell my what current thoughts and feelings are.

Use concept is authentication for financial use (1)

girlinatrainingbra (2738457) | 1 year,9 days | (#43451335)

It would appear that the use-case for this technology is as an authentication system for access to financial institutions or accounts since it was presented at a conference on Financial Cryptography and Data Security. TFA points out that
The team's findings were presented at the 17th International Conference on Financial Cryptography and Data Security in Japan this week. In a paper, the team argues that the embedding of EEG sensors in wireless headsets and other consumer electronics makes authenticating users based on their brainwave signals a realistic possibility.

The current headset is unwieldy. Would the banks make you put on a headset and think "i am the real me" when you get to the teller's station instead of signing on the electronic signature pad?

authentication in general see DARPA BAA (0)

Anonymous Coward | 1 year,9 days | (#43451409)

DARPA is looking for biometric authentication methods that don't require the active participation of the user. For instance, if you had a smartphone that detected your unique smell, it could do that without you needing to tell it to authenticate, or to have a particular password, etc. And, you could authenticate continuously, rather than just when starting to use the device.
these sorts of schemes are also much more difficult to fake with a replica, unlike things like fingerprint readers

DARPA-BAA-13-16 Active Authentication

As A Sysadmin... (0)

Anonymous Coward | 1 year,9 days | (#43451351)

How the hell do they expect me to do password resets now?

Re:As A Sysadmin... (1)

MrMickS (568778) | 1 year,9 days | (#43451427)

How the hell do they expect me to do password resets now?

I'm sure that Dremel will come out with an attachment for that.

Re:As A Sysadmin... (0)

Anonymous Coward | 1 year,9 days | (#43451807)

I think you could just 'taze' them...

Re:As A Sysadmin... (1)

Immerman (2627577) | 1 year,9 days | (#43452451)

Same way you should be doing it now - require them to be physically present with proof of identity. Or do you reset passwords in response to any random email/phone request that sounds like it came from the authorized account holder?

replay attacks anyone? (0)

Anonymous Coward | 1 year,9 days | (#43451373)

So how does this deal with replay type attacks, where you "record" the brainwaves and play them back?

Re:replay attacks anyone? (0)

Anonymous Coward | 1 year,9 days | (#43451529)

Probably with about the same level of protection as where you somehow "record" the keystrokes of a classical password and play them back.

Re:replay attacks anyone? (0)

Anonymous Coward | 1 year,9 days | (#43453537)

blue tooth is secure enough for my thoughts

Sounds like a great system (0)

Anonymous Coward | 1 year,9 days | (#43451411)

Because brains certainly don't change over time.

Re:Sounds like a great system (1)

mark-t (151149) | 1 year,9 days | (#43451623)

Brains change over time, but such change is ordinarily slow enough that if you are keeping the database of what the person's current brain waves look like up to date, then such normal evolution would not be a problem.

The only time it would be is on account of certain types of trauma, which can very abruptly and very quickly change a person's thought patterns.

Re:Sounds like a great system (1)

Errol backfiring (1280012) | 1 year,9 days | (#43451843)

You sure? If this proves "secure", say for a doomsday device to be activated only by the president, it would require the president to have his brainwaves recorded periodically. And each recording is an opportunity to breach the system. And if the shit really hits the fan, he might be too upset to authenticate (which, in this particular case, would be a good thing).

Dem Blinken Lights (0)

Anonymous Coward | 1 year,9 days | (#43451467)

yay! It's not like they could be hacked by flickering lights, screens, etc. Or anything like that. Tarkovsky, you there?

Sneakers rewrite? (1)

mortonda (5175) | 1 year,9 days | (#43451471)

"My brain is my password. Verify me".

OTOH... Since that can't be recorded on a tape, it gets kinda messy.

Interesting (0)

Anonymous Coward | 1 year,9 days | (#43451485)

It's an interesting study, but from a security point of view, If I wanted to get into somebody's system that used this type of authentication, then I would only need to get them to think about it while I am recording their brainwaves.

Another security vulnerability question is, can we figure out anybody's password on any system, if we can record their brainwaves while they are thinking about it?

Re:Interesting (1)

mark-t (151149) | 1 year,9 days | (#43451641)

You can record their brainwaves, but how do you reproduce them to another device that records them?

Re:Interesting (1)

Servercide (2820403) | 1 year,9 days | (#43451679)

You don't reproduce them. You just record your interpretation of brainwave sequences. Then that interpretation can be passed on. Like the mp3 of the brainwave world. All you need is one way communication.

Re:Interesting (1)

mark-t (151149) | 1 year,9 days | (#43451881)

Uhm.... if you're not reproducing them, how would you get into somebody's system that used this type of authentication? Sure, you can record their brainwaves while they are thinking whatever it is they need to think, but how on earth would that recording actually help *you* get into their system, which only records brainwaves?

Re:Interesting (1)

zlives (2009072) | 1 year,9 days | (#43453559)

assuming there is some sort of wireless receiver from the phone with EEG sensors (hopefully not BT) that sends the brain signal over... record replay!!?

Re:Interesting (1)

Servercide (2820403) | 1 year,9 days | (#43453685)

Well, to be useful in a computing environment you would have to convert the analog brainwaves into a digital format. Now, we can pretend that each and every manufacturer will have their own proprietary way of digitally converting these waves. Or, We can pretend that there will be an industry standardized format for converting analog brainwaves into a digital format (this is the more likely case IMO).

So, your Brainwave Pattern + Industry Standard Conversion = Valid Authentication Token. What is keeping me from taking that same token to another device that uses the same industry standard? It's not any different than a variation of a "Pass the Hash" issues encountered in our current computing culture.

Moreover, most biometric safeguards implemented today are run on top of existing authentication schemes. Do you think when you scan your fingerprint that it sends your fingerprint data to active Directory to authenticate? Doubtful. The application validates you finger print locally and then Authenticates you in an existing method i.e Kerberos, or whatever. Most Biometrics are just macros that type in your password for you behind the scenes.

In theory only one device should be able to reproduce those waves..your brain. Just like you should be the only one with access to your private keys. But I am a firm believer that anything that requires input can be tricked into accepting false inputs. Even Dildo's are a falsified input which will usually "authenticate" on the correct biometric systems.

Gets messy (0)

Anonymous Coward | 1 year,9 days | (#43451495)

OK, so my passthought is "boobs".
It works fine for awhile.

Then, it stops working.
I call the service desk.
Service Desk: How can I be helping you today?
Me: My passthought doesn't work.
Service Desk: Can you turn it off and on?
Me: it is a thought. I use it to logon.
Service Desk:What thought are you thinking?
Me: boobs.
Service Desk: Are you thinking about boobs?
Me: Yes boobs.
Service Desk: What kind of boobs can I help you with today?

Password reuse (2)

arielCo (995647) | 1 year,9 days | (#43451581)

Who thought up this? Mordac the Preventer of Information Services?

Concentrate on a new passthought ...

Don't kill the Security guy. Don't kill the security guy.

Error: You cannot use any of your last 3 passthoughts.
Error: Your passthought is too common.

GRAAAAH!!

Error: Your passthought is too common.

Stay-Puft Marshmallow Man. Enough said. (0)

Anonymous Coward | 1 year,9 days | (#43451585)

History will repeat itself. Stay-Puft Marshmallow Man. Enough said.

Old idea (0)

Anonymous Coward | 1 year,9 days | (#43451591)

I had this idea at a Usenix conference back in 2001. It's not new.

The brain changes (2)

degeneratemonkey (1405019) | 1 year,9 days | (#43451629)

It would be interesting to see the results of an experiment which brings the same subjects back in 5 or 10 years and asks them to think the same passthoughts. I highly doubt as much accuracy would be observed.

This is however an easy problem to solve: just change your passthought every few months.

what could possibly go wrong? (1)

kimvette (919543) | 1 year,9 days | (#43452197)

Unless it works with migraines, cluster headaches, stress, anxiety, depression/grief, happiness, exhaustion, pain, and a slew of other conditions that affect brainwave patterns (heck, even caffeine can throw off brainwave patterns) this is too error prone to be reliably used.

It's just an input device (0)

Anonymous Coward | 1 year,9 days | (#43453233)

Ease of use is definitely enhanced, but there's really not much increase in security to be had here: if a hardware device reads a "passthought", chances are that its just going to encode the string with some one-way hash function, which then gets stored in a password database using some other one-way hash function. From an intruder's perspective, this is a solved problem: keyspace exhaustion attacks defeat the one-way hash function by trading time for memory.

Aside from getting rid of common passwords, and increasing average password string-length (which can't be much longer without intolerably increasing the demands on auth server CPUs), this method is not much more secure than regular passwords, as circumventing it will simply require a rainbow table for the hash, and a modified client-side eeglib.so, or what-have-you, that reads the EEG device.

In other news... (1)

Yakasha (42321) | 1 year,9 days | (#43453351)

Apples shares plummeted 14% in after hours trading today as the company continues to battle their network security problems. Details are still forthcoming, but it appears their main campus is still closed, with the employees milling about in the parking lot. It is believed to be related to their roll-out of a new Electroencephalographic (EEG) based security system. One anonymous executive said, "Ya, looks like the 'think different' campaign really backfired."

Defeats the point of a password..... (0)

Anonymous Coward | 1 year,9 days | (#43453625)

Doesn't this defeat the purpose of a password/passphrase? Think about it, now all the government or anyone has to do to get your password is bring you to the scanner and say don't think of your password, or what is your password, etc. It will be very difficult for people to NOT think of their password, so the people you want to keep out will have even easier access than they would have had with a normal password system. I am not a fan of any biometric password systems, it is simply too easy to force me to let you in in those systems. Finger prints? No problem cut off my finger or find my prints and create fake digits with those prints. Brainwaves? Just hook my brain up to a scanner. Iris, force me to open my eye or just remove it from my head. If you think that the FBI wouldn't force you to hook your brain up to the scanner to get your password you are naive and living in a dream world. These types of security measures make us less secure.

AlphaA

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...