From TechRepublic
Is it time to replace passwords with passthoughts?
By Michael Kassner
Most security pundits say passwords have to go. Mat Honan, senior writer at WIRED, would agree wholeheartedly. "Hackers destroyed my entire digital life in the span of an hour," writes Honan in this WIRED post. He adds, "No matter how complex, no matter how unique, your passwords can no longer protect you."...
What if there's biometric technology that's inherently multi-factor? Problem solved, right? There is research that does exactly that.
I recently talked to John Chuang, professor at University of California, Berkeley's I School. Building on previous research, Chuang, along with Thomas Maillart, University of California, Berkeley, and Benjamin Johnson, Carnegie Mellon University, figured out how to authenticate users to their computer systems using brainwave signals — passthoughts — collected by consumer-grade wireless headsets and wearable devices containing electroencephalography (EEG) sensors. "This possibility is especially interesting because brain-wave-based authentication naturally meets the criteria for two-factor authentication," mentions the researchers' paper My Thoughts Are Not Your Thoughts (PDF).
"Passthoughts can be considered two-factor authentication since they include both the knowledge factor (your chosen mental thought, which is a secret known only to you) and the inherence factor (the EEG signals coming from your brain)," explains Chuang....