From Passwords to Passthoughts: Logging In to Your Devices With Your Mind

Earbud EEG turns brain waves into biometric passwords

3 min read

Devices that read your brain waves can positively identify you with greater accuracy than fingerprint scanners and prevent spoofed IDs
Photo: iStockphoto

A password, a fingerprint, or an iris scan—these are ways to verify that we are who we say we are, allowing us to log in to our devices or enter a high security area. But if we are to move beyond touch screens and keyboards, our methods of authentication will have to change too. That has pushed engineers to find new ways to verify our identities, and to do it directly from the source: the brain.

When we perform mental tasks like picturing a shape or singing a song in our heads, our brains generate unique neuronal electrical signals. A billion people could mentally hum the same song and no two brain-wave patterns generated by that task would be alike.

An electroencephalograph (EEG) would read those brain waves using noninvasive electrodes that record the signals. The unique patterns can be used like a password or biometric identification. In fact, researchers have taken to calling them “passthoughts.” And really, what more foolproof way to prove that someone is who he says he is than to hack his thoughts?

Engineers have been tinkering with the idea for about a decade now, and some have developed devices that they say are 100 percent accurate. But those efforts have involved placing electrodes smack dab on the forehead or conspicuously across the scalp.  

Researchers have also developed in-ear EEG sensors that read brain waves for the purposes of controlling a computer or monitoring sleep. But until recently, those groups hadn’t tried to optimize in-ear EEGs for use as passthought readers.

John Chuang and his colleagues at the University of California at Berkeley married the two avenues of work by developing a passthought reader integrated into an everyday set of earbuds. Chuang presented the idea earlier this month at IEEE’s Engineering in Medicine and Biology Society conference in Orlando, Fla.  

Chuang’s group built the device using a consumer-grade single-electrode EEG headset called the NeuroSky Mindwave, which sells for about US $100 online. The electrode is intended to be placed on the forehead. Chuang’s group simply took it out of its casing and fitted it for the ear. They then ran a small study to see how reliably it could read brain waves. 

The rudimentary device was surprisingly accurate. Twelve volunteers each performed two sets of five mental tasks; the earpiece correctly confirmed their identities 72 to 80 percent of the time. These results suggest that with further development, a single electrode integrated into a set of earbuds could be used as a method of authentication. No hands required. 

Chuang’s team had previously done authentication testing with the NeuroSky electrode placed where its designers intended—on the forehead—and found that it was accurate more than 99 percent of the time. So they knew it worked. Getting it to work in the ear may be a matter of finding the optimal location, or fitting it appropriately in the ear, says Chuang. 

That’s the next logical step to making a practical, real-world device. “Clearly a lot more work needs to be done for this to be effective and useful in the real world,” says Chuang. “But at least we know this is an area that we can continue to investigate.”

Another challenge is making a device that is accurate even when the wearer’s physiological and mental states change. You could hum the same tune you’ve hummed a thousand times, but stress, mood, alcohol, caffeine, medicine, and mental fatigue could change the electrical signals that are generated.

Chuang and his 16-year-old son, Gabriel Chuang, found that to be true in a study of exercise and passthoughts. As a science project for school, the father-son pair tested a passthoughts system in 10 volunteers by giving them each a mental task before and after exercise. The pair found that it took up to 60 seconds for brain signals to return to normal after just 1 minute of jumping jacks. (Gabriel got an A.)

“The signals right after exercise are completely different from baseline,” says Chuang. “So if you want to authenticate immediately after exercise, you will not be able to.” The pair presented their study at the same IEEE conference in Orlando.

Despite advances in logging in with your mind, there might always be a need for an old-fashioned eight-plus character phrase with no spaces. “Passwords will never go away,” says Chuang, who reasons that for a computer, a typed password may be the easiest way to verify identity, while a finger swipe may be best for a touch screen.

But we need to think beyond those to future devices—wearables, for instance—for which there will be neither a keyboard nor a touch screen. “For each device, we must figure out what are the most natural, intuitive ways to tell the device that we are who we are,” Chuang says. Going directly to the brain seems like an obvious choice. 

The Conversation (0)