Paper 2005/121

Pass-thoughts: Authenticating With Our Minds

Julie Thorpe, P. C. van Oorschot, and Anil Somayaji


We present a novel idea for user authentication that we call pass-thoughts. Recent advances in Brain-Computer Interface (BCI) technology indicate that there is potential for a new type of human-computer interaction: a user transmitting thoughts directly to a computer. The goal of a pass-thought system would be to extract as much entropy as possible from a user’s brain signals upon “transmitting” a thought. Provided that these brain signals can be recorded and processed in an accurate and repeatable way, a pass-thought system might provide a quasi two-factor, changeable, authentication method resilient to shoulder-surfing. The potential size of the space of a pass-thought system would seem to be unbounded in theory, due to the lack of bounds on what composes a thought, although in practice it will be finite due to system constraints. In this paper, we discuss the motivation and potential of pass-thought authentication, the status quo of BCI technology, and outline the design of what we believe to be a currently feasible pass-thought system. We also briefly mention the need for general exploration and open debate regarding ethical considerations for such technologies.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
jthorpe @ scs carleton ca
2005-04-21: received
Short URL
Creative Commons Attribution


      author = {Julie Thorpe and P. C.  van Oorschot and Anil Somayaji},
      title = {Pass-thoughts: Authenticating With Our Minds},
      howpublished = {Cryptology ePrint Archive, Paper 2005/121},
      year = {2005},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.