For years, security experts have bemoaned the inherent insecurity of passwords. Cracking software has only become more sophisticated, rendering many password-protected systems increasingly vulnerable; and when software can’t penetrate security, a hacker can always rely on old-fashioned social engineering to pry a password from the unsuspecting.
In a bid to further lock down systems and devices, tech firms have graduated to biometrics. You can use your thumbprint to lock down your iOS or Android device, for example. But biometric security isn’t invulnerable, especially if a malicious actor can target a pre-existing exploit in the hardware or software.
So what’s the next stage in security? According to a group of researchers at Binghamton University, it might be brain signals. In a research paper (hat tip to TechCrunch for the original link), they detail an experiment in which volunteers were asked to read from a list of 75 acronyms (including DVD and FBI). As they read the words, the volunteers’ brains reacted in ways identifiable as unique by a computer system. (The paper refers to these signals as “brainprints.”)
In theory, using a brainwave to unlock a system would prove more secure than most biometrics, but mass-producing such a lock might prove difficult, at least with current technology. “We tend to see the applications of this system as being more along the lines of high-security physical locations, like the Pentagon or Air Force Labs, where there aren’t that many users that are authorized to enter,” wrote Zhanpeng Jin, an assistant professor at Binghamton University, “and those users don’t need to constantly be authorizing the way that a consumer might need to authorize into their phone or computer.”
For those tech pros who work on security, dealing with brainwaves could be a long way off—if the technology enters the marketplace at all. But the research is yet another reminder that security is a constantly evolving space, and the next generation of tools will attempt to free us even more from having to use passwords.