ABSTRACT
This article describes an exploratory study which examined the use of Brain–Computer Interface (BCI) and gestural technologies generated from a BCI headset as a novel potential alternative to a 4-digit PIN code for authentication. Unlike other input modalities, many of these tokens (i.e., “push,” “lift,” “excitement”), can overcome some of the security vulnerabilities associated with PIN authentication (e.g., observations from third parties). Participants engaged in a controlled study where they performed five, 4-token authentication tasks on a simulated authentication screen. The percentage of completed BCI and gestural input tasks, as well as input time and accuracy, was compared to the 4-digit PIN task. The results showed that while authentication using a BCI headset is currently not as complete, fast, or accurate as that of a 4-digit PIN code, users felt that such a system would represent greater security over PIN-based authentication. In addition, mental commands, which might be perceived as the most secure from the standpoint of inconspicuous detection, were found to offer disappointing results both in terms of completion percentage and completion time.
Funding
This research was supported in-part through an award from the Office of Naval Research (N00014-15-1-2776).
Additional information
Funding
Notes on contributors
Sidas Saulynas
Sidas Saulynas is a Ph.D. student in the Department of Information Systems at UMBC. His research focuses on ways to support users with situational impairments using Brain Computer Interface technologies and multimodal interfaces.
Charles Lechner
Charles Lechner is a undergraduate student in the Department of Interdisciplinary Studies at UMBC. His research focuses on the development of Brain Computer Interface and gestural technologies to support user interaction.
Ravi Kuber
Ravi Kuber is an Associate Professor in the Department of Information Systems at UMBC. His research focuses on the design of novel authentication mechanisms, and the ways in which these be used to address the challenges faced by users when recalling and inputting passcodes.