Your brainwaves can reveal your password

News
By last updated

...when wearing an EEG headset

Think of a number. Is it 12? Probably not. Guessing things at random is hard, which is why passwords work (and why password managers are so popular)

But if someone had access to data about your brainwaves, it might be a different story. Researchers from the University of Alabama at Birmingham have found that wearing a standard consumer-grade EEG headset makes it possible for someone with access to the data to pretty reliably guess your password.

"These emerging devices open immense opportunities for everyday users," Saxena said. 

"However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology."

Randomly generated

Nitesh Saxena, Ajaya Neupane and Md Lutfor Rahman asked a group of 12 people to type a series of randomly generated PIN numbers and passwords into a text box, as if they were logging into an online account, while wearing an EEG headset.

They found that after a user had entered 200 characters, algorithms were able to make educated guesses about new characters using just the brainwave data. That shortened the odds of guessing a four-digit PIN from 1/10,000 to 1/20 and a six letter password from 1/500,000 to 1/500.

 Technical protections

In response, the researchers propose that EEG headset manufacturers be forced to create technical protections for their users. For example, a headset could automatically generate digital noise in the signal whenever a password is being entered.

"Given the growing popularity of EEG headsets and the variety of ways in which they could be used, it is inevitable that they will become part of our daily lives, including while using other devices," Saxena said. 

"It is important to analyze the potential security and privacy risks associated with this emerging technology to raise users' awareness of the risks and develop viable solutions to malicious attacks."

The team's research was presented at the 21st Financial Cryptography and Data Security 2017 conference in Malta.

Duncan Geere
Duncan Geere
Duncan Geere is TechRadar's science writer. Every day he finds the most interesting science news and explains why you should care. You can read more of his stories here, and you can find him on Twitter under the handle @duncangeere.
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
More about security
Money

Financial leaders still rely on regular tools like Excel for automation tasks over AI
Half man, half AI.

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
Hisense 65-Inch Class U6 Series Mini-LED ULED 4K UHD Google Smart TV 65U6N 2024 Model with NBA player on screen over a red background with a big savings icon next to it

The Hisense U6N is an impressive budget mini-LED TV and it's now less than $500
See more latest
Most Popular
Oracle
Bluehost owner is moving to Oracle Cloud, so could thousands of websites be about to migrate?
Money
Financial leaders still rely on regular tools like Excel for automation tasks over AI
Two examples of the Asus Fragrance Mouse MD101 sitting on a table
Your next computer mouse could have a fragrance compartment for aromatherapy oils – and this Asus idea is nothing to sniff at
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
Eizo FlexScan FLT
Behold the world's most power-efficient monitor — the EIZO FlexScan FLT
A close up of a xenomorph with Earth reflected on its head in the Alien: Earth TV show teaser
Alien: Earth: everything we know so far about FX's upcoming Alien TV show coming to Hulu and Disney+
Half man, half AI.
Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
diamond gemstone
Diamond set to become mainstream coolant for AI GPU servers as world’s best thermal conductor promises 25% better overclocking, and 'double performance per watt'
Zuckerberg Meta AI
Meta powers ahead with conscious chip uncoupling with Nvidia as it tests its first in-house training AI-PU
Email
Over 90% of Americans demand a "right-to-disconnect" law which would protect them from out-of-hours work communication