‘Brain fingerprints’: Will semantic memory identification replace fingerprints and passwords?


It’s happened to everyone. You’re in a hurry trying to pay a bill but first you need to register an on-line account and the password requirements are complex and you just can’t get it right. Or you need to get fingerprinted for a high-security government job. Not as common, but it also illustrates the fact that security is complicated.

We’re all waiting for an ID method that’s more futuristic, simple, convenient, and works. Retina scanning is one possibility, and so is iris scanning. But those techniques require sophisticated, expensive equipment that you’re not likely to see integrated with your cable bill account.

Enter a new candidate for IDing people: semantic memory identification. Based on the patterns of electrical signals that your brain puts out in response to hearing or reading words or phrases, postdoctoral researcher Blair C. Armstrong and colleagues at the Basque Center on Cognition, Brain, and Language (BCBL) in Spain are experimenting with a technology akin to brain fingerprints. Comparing brain signals from volunteer subjects when the subjects read lists of different acronyms, such as FBI or DVD, the team found brain wave responses to be specific for each individual. The result is that acronym lists combined with brain wave scanning could identify people with 94 percent accuracy.

To be scanned, a person must have electrodes mounted to their scalp to produce an electroencephalogram (EEG). The particular EEG pattern caused by reading several of the acronyms is what tells a computer “this is the person you’re looking for.” Wearing EEG electrodes may sound inconvenient, particularly if one is using such a system for something that they need to do frequently, such as logging into a computer. But then, remembering a complex password can also be inconvenient. And while 94 percent accuracy may not sound very promising compared with passwords, or with procedures such as fingerprinting or DNA testing when it comes to less routine activities, Armstrong points out that semantic memory identification is only a proof of concept at this point.

Once developed with increased accuracy, the EEG method would have an advantage over fingerprinting or passwords in the sense that the identity of the user, say of a high-security computer account, could be verified continuously. If someone were to remove your headset and don it themselves, the identity would switch from positive to negative and the account would stop working.

That could be a major advantage in a high security James Bond-like scenario where to access a system users must have their fingers or retinas scanned. In one horrible case in Malaysia a decade ago, to start a fingerprint-activated car, carjackers actually cut off the owner’s fingertip. Similar things might happen in a James Bond spy setting, or worse if we imagine security systems linked to scans of the retina or another part of the eye, the iris.

On the other hand, iris scans and fingerprinting currently are far more accurate than the semantic memory method, and more convenient too, since they don’t require electrode placement. And that means that for now we must be patient. Keep your car keys in a place where you can find them, keep your hands in your pocket at all times when approaching your car and find a way to remember those crazy passwords.

David Warmflash is an astrobiologist, physician and science writer. Follow @CosmicEvolution to read what he is saying on Twitter.

  • Jim Bridger

    Interesting, though there isn’t any mention of how a person’s ‘signature’ may vary over time. I imagine our brains are always changing in slight ways?

  • Hitoshi Anatomi

    They seem to be moving in a wrong direction.

    Whether iris, face, fingerprint, typing, gesture, heartbeat or brainwave, biometric authentication could be a candidate for displacing the password if/when (only if/when) it has stopped depending on a password to be registered in case of false rejection while keeping the near-zero false acceptance.

    Threats that can be thwarted by biometric products operated together with fallback/backup passwords can be thwarted more securely by passwords alone. We could be certain that biometrics would help for better security only when it is operated together with another factor by AND/Conjunction (we need to go through both of the two), not when operated with another factor by OR/Disjunction (we need only to go through either one of the two) as in the cases of Touch ID and many other biometric products on the market that require a backup/fallback password, which only increase the convenience by bringing down the security.

    In short, biometric solutions could be recommended to the people who want convenience but should not be recommended to those who need security. It may be interesting to have a quick look at a slide titled “PASSWORD-DEPENDENT PASSWORD-KILLER” shown at