Since the conception of computers, mobile phones, tablets and most importantly, Internet, securing our devices and data has become crucial. Personal data ranging from shopping wishlists to bank details are either stored in PCs or are available online, all protected by passwords - a rather impotent sentinel, as it turns out. There have been several methods used by computers as well as the different websites to authenticate its user.

The first passwords were simple and easily stored since sophisticated hacking networks did not exist yet. One such example is, Cryptographer Robert Morris, who created the infamous Morris worm, developed a one-way encryption function for his UNIX operating system, known as “hashing”, which translated a password into a numerical value. The actual password was therefore not stored in the computer system, making the information less readily accessible to hackers. Recently, the two-step authentication has brought in development by adding an extra layer of protection by requiring verification from two different sources. But this too is not foolproof, but a challenge to intrepid hackers. Therefore, a more promising solution can be multi-factor authentication which demands more than one authentication method, one of which can be biometric authentication like fingerprint, facial recognition, etc. But the multi-factor authentication calls for extra efforts from the user.

Recently, researchers at Binghamton University have discovered that, with a bit of training, your computer can identify you based on the way your brain reacts to certain words. This could be another type of biometric authentication. This means that instead of a password you could simply listen to a few words and unlock your secret files. The idea is for a person to authenticate their identity with electroencephalogram (EEG) readings. You simply have to sit down with the brain scanner on. The user’s response is measured via an EEG headset. EEG signatures are unique and are more complex than a standard password, making them difficult to hack. For this, it is required to make an algorithm which can be educated about the user’s reaction for particular character. This can be made by giving the user to type a few characters and learning and registering the responses of the user.

Researchers at the University of Washington have demonstrated another way to extract private information using an EEG headset. They created games that subliminally flashed up images such as bank logos and noted when a person’s brain waves registered recognition.

If someone’s fingerprint is stolen, that person can’t just grow a new finger to replace the compromised fingerprint — the fingerprint for that person is compromised forever. Fingerprints are ‘non-cancellable.’ Brainprints, on the other hand, are potentially cancellable. So, in the unlikely event that attackers were actually able to steal a brainprint from an authorized user, the authorized user could then ‘reset’ their brainprint,

  • said Sarah Laszlo, an assistant professor of psychology and linguistics involved in the project.

Although this method is accurate upto 94% as of now, it still has confounding fallacy like, the effect of drugs(opioids, caffeine and alcohol) on the neural systems, and hence, the brain waves. This manipulation of brain waves due to the external factors comes out as a challenge. John Chuang at the University of California, Berkeley, last year published research into the impact of exercise on EEG authentication and found that accuracy degrades immediately after a workout (though it quickly recovered). He suggests that other factors such as hunger, stress or fatigue could also reduce reliability. To overcome this, if accuracy under different conditions were required, it could be possible to collect multiple brainwave “templates” for a user by separately mapping their EEG signature when drunk, tired and so on. It is possible to tweak the EEG data analysis using machine learning to improve the results for participants who were inebriated, as suggested by another researcher Tommy Chin and Peter Muller, a graduate student.

Nevertheless, given that it is difficult to copy another person’s exact thought process, the technology is certainly advantageous. Considering the advancement in the technology, we will likely see uptake of biometric applications based on brainprints soon – especially as part of multi-factor system for enhanced authentication.