Technology Developers Want You to Keep Your Passwords in Your Brain: How Does That Work?
Star Wars fans know very well that Jedi can open doors using their brainpower and a wave of a hand. Star Wars, in case you haven't heard, is science fiction, but some people reckon that using the gray matter residing in our skulls to open doors, albeit ones in the online world, can become a reality very soon. The best bit is, we won't need to learn to control the Force. Instead, we'll just look at some pictures.
The people who set themselves the task of making it happen are Wenyao Xu, Assistant Professor of Computer Science and Engineering, University at Buffalo, The State University of New York, Feng Lin, Assistant Professor of Computer Science and Engineering, University of Colorado Denver, and Zhanpeng Jin, Associate Professor of Computer Science and Engineering, University at Buffalo, The State University of New York. So, we're not talking about geeks who play with lightsabers (at least not while they're at work). There's some real science going on.
What's wrong with the current authentication methods?
Many things. For one, most users just can't seem to get to grips with how important login data is. They still use woefully simple passwords, and when they do get around to creating stronger ones, they reuse them on multiple websites. Couple this with the fact that stealing login credentials is easier than it should be, and you can see how huge the problem is. Two-factor authentication seems like a solution, but it's not perfect, and both vendors and users have so far failed to embrace it completely.
Because of all these problems, over the last few years, we've seen more and more devices and services offering biometric authentication mechanisms. It's safe to say that fingerprint readers and face recognition technology are now a part of our everyday lives, and users seem to like them partly because they offer a quick and convenient way of logging in, and partly because they grew up watching James Bond use them.
The reality is, however, biometric data, like login credentials, can be stolen. And unlike passwords, if they are compromised, your fingertips can't be changed or reset. All in all, even though biometric authentication technology has come on in leaps and bounds over the last few years, it too comes with its own flaws, and we don't seem to have a way around them.
"Your brain could be your password", eggheads say
Wenyao Xu, Feng Lin, and Zhanpeng Jin think that there is a solution that is far superior to both the traditional login mechanism and biometrics. After doing some research, they found out that we can use our brain to prove that we are who we say we are.
The key is in the fact that every time our brain is hit with a particular stimulus, it reacts and emits brainwaves which can be picked up. Different brains have different reactions to the same stimulus, and crucially, they don't change over time. In other words, when your brain sees a photo of, say, a politician, it instinctively reacts, and its reaction is different from the reaction of another person's brain. Even if you change your mind about the politician, your brain's instinctive reaction will remain the same. According to Xu, Lin, and Jin, because the reactions don't change and because they are completely unique, they can make a great substitute for a password.
The idea is that when you're signing up, instead of thinking of a password, you put on a small hat or a VR set that has electrical sensors embedded in all the right places. The system shows you a collection of pictures, records your brain's reactions, and saves them in a database. When you're trying to log in, you type your username, you put your hat on, you see the same images, and if your brain's reaction matches what's saved in the database, the system lets you in.
The scientists believe that this could be a viable alternative because while it's slightly less convenient than putting your finger on a reader, it is supposedly much more secure. They say that even if the all-important data is stolen, all a vendor needs to do to invalidate it is to show you three new photos and record your reactions. You effectively get the equivalent of a new password without the need to remember it.
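The sign-up, login and reset flow described above, as an added example that is not the researchers' code. The sensor is replaced by a constructed simulation, and the feature length, the cosine-similarity match, the 0.9 threshold and all names are assumptions made for illustration; the simulation also assumes reactions to different photos are unrelated.

```python
import math
import random

DIM = 16          # assumed number of features extracted per image
THRESHOLD = 0.9   # assumed minimum cosine similarity for a match

def simulated_response(person, image, trial):
    """Constructed stand-in for the sensor hat: a stable per-person,
    per-image signal plus small noise that differs on every reading."""
    base = random.Random(f"{person}|{image}")
    noise = random.Random(f"{person}|{image}|{trial}")
    return [base.gauss(0, 1) + noise.gauss(0, 0.1) for _ in range(DIM)]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

class BrainwaveStore:
    def __init__(self):
        self.templates = {}  # username -> {image: enrolled vector}

    def enroll(self, username, images, read):
        # Re-enrolling with new images replaces (revokes) the old template.
        self.templates[username] = {img: read(img) for img in images}

    def challenge(self, username):
        return list(self.templates[username])

    def verify(self, username, responses):
        template = self.templates.get(username)
        if template is None or set(responses) != set(template):
            return False
        # Readings are noisy, so match by similarity, never by equality.
        return all(cosine(template[i], responses[i]) >= THRESHOLD
                   for i in template)

def demo():
    def hat(person, trial):
        return lambda image: simulated_response(person, image, trial)
    def login(person, trial):
        read = hat(person, trial)
        return store.verify("alice", {i: read(i) for i in store.challenge("alice")})
    store = BrainwaveStore()
    store.enroll("alice", ["photo1", "photo2", "photo3"], hat("alice", 0))
    genuine, impostor = login("alice", 1), login("mallory", 1)
    stolen = dict(store.templates["alice"])        # leaked database copy
    store.enroll("alice", ["photo4", "photo5", "photo6"], hat("alice", 2))
    replay = store.verify("alice", stolen)         # old template replayed
    return genuine, impostor, replay, login("alice", 3)
```

`demo()` returns, in order, the outcome of a genuine login, an impostor's login, a replay of the stolen template after the reset, and the owner's login against the new photos.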
Sounds promising. But…
There are many different reasons for looking forward to the password's demise. The thing is, so far, nobody has been able to kill it successfully. Take biometrics as an example.
Although fingerprint readers have been around for years now, before you have your digit scanned, you still need to assign a backup password or a PIN when you're setting up your new mobile phone. The same is true for facial recognition, which goes to show that biometric authentication isn't considered reliable enough for the time being.
Chances are, if we do start using brainwaves for logging in to our accounts, we will still have a more traditional backup procedure, and it will likely involve a password. Before all this can happen, of course, the scientists need to convince everybody that having a hat which supposedly "reads through" your brain activity doesn't infringe your privacy in any way. There's also the matter of mass-manufacturing the said hat on the cheap.
In other words, while experiments show that the theory is solid, it is still a theory, and it has a long way to go. Passwords are here to stay, and you might want to think about finding a more efficient way of managing them.