Skip to main content
  1. Home
  2. Computing
  3. News

Passwords are so last season, ‘pass-thoughts’ let you log in with your mind

By
brainwave-authentication
Image used with permission by copyright holder

We try to make our passwords as secure as possible, but sometimes even complicated character strings can be vulnerable. That’s why companies, researchers, and organizations continue to search for ways to make accessing devices and accounts more secure. Google, for one, wants to replace passwords with USB sticks and smart rings. A team of researchers from the UC Berkeley School of Information, on the other hand, devised a way to unlock gadgets and accounts with brain waves. 

To be able to use “pass-thoughts,” as the team calls them, instead of passwords, the team took an affordable and readily available Bluetooth headset with built-in electroencephalogram (EEG) called Neurosky Mindset. Previously, using pass-thoughts would’ve been considered unfeasible because EEG devices are very expensive, but a $199 headset might make using pass-thoughts a reality. The team used Neurosky on test subjects and found that in order for the headset to provide enough brainwave signal, they had to make users perform seven mental tasks and then calibrate the headset for each one of them so nobody else’s thoughts can unlock their devices and accounts.

Recommended Videos

The team determined that the most effective way to implement pass-thoughts is to ask users to perform a mental task that’s not too complicated or boring. According to tests conducted, users were bored by imagining their fingers sliding up and down to unlock something, but when they were asked to make up their own pass-thoughts, they came up with something too complicated and hard to recreate. The tasks researchers found most effective are singing a song of one’s choice, counting objects with the same color, and focusing on one’s breathing. Calibrating the headsets and using these mental tasks to serve as one’s pass-thought returned error rates of less then 1 percent. 

Related

The team presented their findings at the 2013 Workshop on Usable Security at the 17th international conference on Financial Cryptography and Data Security in Japan in early April. While the UC Berkeley team’s method sounds very promising, more research needs to be done, and companies must be willing to make the investment in EEG-enabled headsets before pass-thoughts become widely used.

[Image via UC Berkeley School of Information]

Editors’ Recommendations

Mariella Moon
Mariella Moon
Former Digital Trends Contributor
Mariella loves working on both helpful and awe-inspiring science and technology stories. When she's not at her desk writing…
This gorgeous Mac mini hub exacerbates the power button placement problem
M4 Mac mini with Satechi hub on a desk.

Satechi, known for its high-quality tech accessories, is updating its Mac mini hub for the new M4 model. Like previous hubs, it allows Mac mini owners to expand their storage and ports while preserving airflow, wireless signal, and performance. It looks awesome, but this time, the design highlights the problematic nature of the new Mac mini's placement of its power button.

With previous Mac mini models, the power button was at the back, making it easily accessible even when it was in a Satechi hub. The new button placement on the bottom of the PC, however, may prove even more annoying for anyone who wants to buy this accessory.

Read more
Proton VPN vs. Mullvad: Which is the best open-source VPN?
Proton VPN Plus and Mullvad websites appear in a split-screen on a PC monitor.

Open-source software is exploding in popularity and even virtual private networks (VPNs) share code for transparency. With over 100 million open-source developers contributing to the community, there’s an improved chance to find bugs and patch vulnerabilities.

Proton VPN and Mullvad are among the best VPNs available, and both are open-source solutions. You can browse the code used in Proton VPN and Mullvad on GitHub to check that there isn’t any secret logging or undisclosed data collection.

Read more
Some older D-Link routers are vulnerable to attack
D-Link Omna 180 Cam HD

A few legacy D-Link routers can be vulnerable to Remote Code Execution (RCE) attacks since the company refuses to send any updates to patch them up, claiming they have reached end-of-life, as recently posted on its announcement page.

The vulnerability is a serious issue since it allows hackers to take control from anywhere in the world and use a stack buffer overflow. This attack sends more data than the buffer size can handle, potentially corrupting critical information like the return address. Thus, hackers can take control of your PC. However, the company did not detail how the threat works, possibly not informing the hackers too much about the issue.

Read more