Passwords are so yesterday!

Hasn’t it happened to every single one of us? We decided to add a new password (or maybe just a new variation of an old password) to our list of two to four passwords that we use for all of our accounts – either because we feel like we have used it too many times now, or because the requirements ask for a different kind of special character combination than the two versions of the same password you already have. We thought we were so clever when we created this super-complicated and super-safe new password, and we decided not to write it down because… well, we all know we are not supposed to do that. But now we are sitting in front of our laptop staring at the screen hoping that this super-safe password will find its way back into our thoughts.

At some point not too long ago, fingerprints and other sorts of biometric data like iris scans were considered to be the ultimate safety precaution. However, in today’s interconnected world, biometric data is more and more vulnerable to getting into the wrong person’s hands. When the U.S. Office of Personnel Management was hacked in 2015, a number of 5.6 million fingerprints were stolen. Even though the ability of hackers to make use of those stolen fingerprints is still limited at the moment, this is considered to change quickly as technology evolves rapidly (TheGuardian, 2015).

So if we keep forgetting our passwords, we are not supposed to write them down, and even fingerprints and retina prints are soon not to be safe anymore – how can we protect our private property?

Do not fear, the answer is inside your head.
brain waves

Researchers from Birmingham University have developed a way for security systems to identify a person’s identity through that person’s brainwaves. A study showed that brains react to different words with different kinds of electrical potentials that represent neural communication, and that those different reactions can be used to verify a person’s identity with an accuracy of 94 percent. The study also shows that those potentials stay the same over time, making it possible to use this method over long periods of time – for example for security systems. The study also proves that only the minimum number of electrodes required for obtaining clean data has to be placed on the scalp of the person in order to measure his reactions – three (Armstrong et al., 2015).

Those reactions, the so-called ‘Brainprints’, are considered to be a very safe way to protect private property since they cannot be easily stolen by hackers as can be fingerprints or retina prints. Furthermore, finger or retina prints are not cancelable (they cannot be changed). You cannot simply get a new fingerprint or a new retina print. Once this kind of biometric data is compromised, it is not valuable for the use with security systems anymore. The biometric data from ‘Brainprints’, however, is indeed cancelable. In the case of a compromised ‘Brainprint’ through hacking activities, these ‘Brainprints’ can be reset, making this method of property protection very reliable (Birmingham University, 2015).

Do you think this innovation will turn into a technology that will be widely accessible to everyone in everyday life? Or do you think it will only gain relevance (if so at all) in a high security-seeking business or governmental context?
How do you personally feel about this new discovery? Would you rather stick to your analog passwords that you have gotten so used to? Or are you looking forward to a future where you do not need to remember all those annoying password variations anymore?


Armstrong, B. C., Ruiz-Blondet, M. V., Khalifian, N., Kurtz, K. J., Jin, Z., & Laszlo, S. (2015). Brainprint: Assessing the uniqueness, collectability, and permanence of a novel method for ERP biometrics. Neurocomputing.

Binghamton University, State University of New York. (2015, June 2). Brain’s reaction to certain words could replace passwords. ScienceDaily. Retrieved October 8, 2015 from

TheGuardian (2015). US government hack stole fingerprints of 5.6 million federal employees. Retrieved from



One response to “Passwords are so yesterday!”

  1. martinbraakhuis says :

    The research paper in which the findings were reported states that: “we further demonstrated that some individuals could still be identified with perfect accuracy even after as long as six months.” This means that most individuals could not be identified with perfect accuracy after 6 months. This in turn means that the authentication system must be reset every couple of months. This means the technology takes up more effort and money than might appear at first glance. In some cases, the additional security might outweigh this cost, but I do think it means the technology will only see adoption in high-risk, high-importance ventures.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: