By Betsy Cooper
It is increasingly difficult to authenticate users on the internet. As phishing scams proliferate to capture and use passwords, new solutions are needed. The most typical response today is to turn to two-factor authentication, using both a password and a second method of identifying the user, like a text message or a fingerprint. But there are only a limited number of devices available to consumers to use for that second factor. And those systems are not necessarily secure; text-message-based authentication has already proved vulnerable to hackers....
But what if the future of authentication could involve a different type of biometrics: one that is both unique to the individual and changeable. At UC Berkeley’s Center for Long-Term Cybersecurity, we are supporting precisely such an approach. Led by Professor John Chuang, our researchers are studying how we create three-factor authentication, using our brainwaves (yes, really!) to lead the way.
Imagine wearing a small device in your ear, shaped like an earbud. Now think a phrase, let’s say “Mary had a little lamb.” Now imagine that, as you think the phrase, the small device reads your brainwaves, using an EEG sensor. It identifies a particular pattern of brainwaves. Now think the phrase again. In early studies, our researchers have uncovered that you will see a repeatable pattern of brainwaves, when provoked by the same thought. Even better, if I think the same phrase that you were thinking, I will have a repeatable pattern—but it won’t be the same as yours.
Betsy Cooper is the executive director of the Berkeley School of Information’s Center for Long-Term Cybersecurity. John Chuang is a professor in the School of Information.