Alphanumeric passwords perform poorly in their role in securing sensitive information as is seen time and time again with news headlines reporting account compromises that have led to severe financial and reptutional costs. A much stronger alternative is multifactor authentication systems - those that draw from a combination of knowledge (something only you know), inherence (something only you are), and possession (something only you have). However, these systems typically come with the unfortunate side effect of multiple steps which is a burden users and limits adoption. For example, a website that that requires an alphanumeric password (knowledge factor) and a text code sent to your mobile phone (possession factor) is cumbersome to many.
“Passthoughts” is a paradigm aimed at being both multifactor and one-step, using the inherence factor of EEG (electroencephalography, measure electrical activity from the brain), the knowledge factor of a user’s chosen mental thought, and potentially the posession factor of the device itself if it passes a unique digital signature. EEG has tradtionally been collected via many channels, or electrodes, placed on the scalp - but recent research has shown that EEG can be collected from the ear allowing for a much more wearable form factor similar to audio headphones or a bluetooth headset. We first combined passthoughts and earEEG by modifying a cheap, off-the-shelf device to collect data using a single electrode placed in the ear canal rather than on the scalp. More recently we created and tested custom-fit earpieces with multiple electrodes achieving >99% accuracy rates with a single earpiece within our study sample.
*Winner of PhyCS 2018 Best Student Paper Award