Every account you have should have a different password, and those passwords should contain special characters, upper and lowercase letters, and numbers, according to common password recommendations. That, though, makes it difficult to remember them all. But what if you didn’t have to? Researchers at the University of Binghamton believe they have discovered a way where brainwaves can be used as passwords.

In a newly published study, “Brainprint,” Binghamton researchers took 45 volunteers and observed their brain signals as they read them a list of acronyms. According to the researchers, they were able to get a computer system to identify each volunteer based on how their brain reacted to reading and recognizing the acronyms. The researchers say each participant’s brain reacted differently, and the system verified their identities with 94% accuracy.

(Related: Another proposed password replacement)

This study could open the door for brain biometrics as a new form of passwords, and replace the need for finger and retina biometrics, according to Sarah Laszlo, assistant professor of psychology and linguistics at Binghamton University and coauthor of “Brainprint.”

“If someone’s fingerprint is stolen, that person can’t just grow a new finger to replace the compromised fingerprint,” she said. “The fingerprint for that person is compromised forever. Fingerprints are ‘non-cancellable.’ Brainprints, on the other hand, are potentially cancellable. So, in the unlikely event that attackers were actually able to steal a brainprint from an authorized user, the authorized user could then ‘reset’ their brainprint.”

It may be some time before this type of brain biometric is implemented in low-security applications, but the researchers see a market for this in high-security applications.

“We tend to see the applications of this system as being more along the lines of high-security physical locations, like the Pentagon or Air Force Labs, where there aren’t that many users that are authorized to enter, and those users don’t need to constantly be authorizing the way that a consumer might need to authorize into their phone or computer,” said Zhanpeng Jin, assistant professor of electrical and computer engineering at Binghamton.

More information is available here.