Beyond Passwords -- Measure brainwaves?

This interesting article from Wired News, "Your Thoughts Are Your Password," by Lakshmi Sandhana, reports on work being done at Carleton University in Ottawa. They, among other experts, are investigating using brainwaves and thought patterns as a form of biometric security device to authenticate users' identity, a kind of password. It is attractive because, unlike other biometric security devices, like iris scanners or fingerprint scanners, you can periodically change the thought password.

The idea grew out of the difficulties with EEG (electro-encephalogram) reading because each person's brain waves are so unique. The Carleton researchers thought they could take advantage of the individuality of each person's brain wave patterns for authentication purposes.

However, there are some major obstacles to bringing the technology to market. Iead Rezek, of Pattern Analysis Research Group at the University of Oxford remarks that

Too many things are going on in the brain at the cellular level that all look the same from a scalp distance. "Signals from an uncountable number of nerve cells are smeared and lumped together by the time we are recording the brain-wave patterns," says Rezek. "Authentication is akin to recognizing speakers from muffled voices because, for example, the speakers are some distance away."

Another critic comments

"the link between thought and brain waves is immensely indirect," says Jacques Vidal, a BCI expert and professor with UCLA's computer science department.

Moreover, the way we remember things evolves. It may not be possible to design a system that can passively recognize the changing signature of the same thought by the same individual over time.

Vidal is more optimistic about a simpler form of mind reading, in which the computer provides a stimulus, then measures the brain's response. Such "event-related responses," or ERPs, to color flashes or specific sounds tend to produce brain signals that are different with each individual, but nearly identical when repeated on the same person. "ERPs could be used for biometric identification," says Vidal.

Such a technique could even benefit from the adaptability of our brains. Instead of trying to passively recognize a thought, like in the ideal implementation, a system could rely somewhat on the user deliberately learning how to generate the right brain pattern, using feedback from the machine as a guide.

(snip)

For now, the Carleton group is proposing a simple, binary pass-thought system as a first step -- something similar to the brain-guided spelling devices being developed for the extremely disabled. A successful login would only occur when you are able to identify your password by thinking "yes" to the letters or pictures that form it in sequence -- like a mental game of 20 questions.

If they get it working, there remain pragmatic obstacles to rolling out pass-thoughts as a replacement for other biometrics. It's easy enough to slide an index finger into a fingerprint reader, but right now the only way to tap into a person's brain signals is through a highly inconvenient EEG cap that's smeared with conductive gel and worn on the scalp.

Ewww. The story goes on to discuss options that they are hoping to roll out in the future, but probably not before 20 years go by. We may all be looking at those wavy letters on Blogspot and trying to recall 20 changeable passwords for the rest of our working lives.