Multifactor Authentication with EarEEG

Alphanumeric passwords perform poorly in their role in securing sensitive information as is seen time and time again with news headlines reporting account compromises that have led to severe financial and reptutional costs. A much stronger alternative is multifactor authentication systems - those that draw from a combination of knowledge (something only you know), inherence (something only you are), and possession (something only you have). However, these systems typically come with the unfortunate side effect of multiple steps which is a burden users and limits adoption. For example, a website that that requires an alphanumeric password (knowledge factor) and a text code sent to your mobile phone (possession factor) is cumbersome to many.

“Passthoughts” is a paradigm aimed at being both multifactor and one-step, using the inherence factor of EEG (electroencephalography, measure electrical activity from the brain), the knowledge factor of a user’s chosen mental thought, and potentially the posession factor of the device itself if passes a unique digital signature. EEG has tradtionally been collected via many channels, or electrodes, placed on the scalp - but recent research has shown that EEG can be collected from the ear as well allowing for a much more wearable form factor similar to audio headphones or a bluetooth headset. We first combined passthoughts and earEEG by modifying a cheap, off-the-shelf device to collect data using a single electrode placed in the ear canal rather than on the scalp. More recently we’ve been assessing the performance of earpieces with multiple electrodes that are custom-fit for a user’s ear by scanning a 3D mold.

EMBC 2016 Paper - UbiComp 2017 Poster Abstract