While your brain on drugs may be analogous to a fried egg, your brain on Instagram may be like a super-secure form of identification, researchers report in a new study. Instead of fingerprints and retinal scans, the authors envision future authentication systems that survey a user’s brain as they look at random pictures, such as snapshots of Anne Hathaway or a slice of pizza.

According to the researchers, our brains create unique patterns of neural activity in the first few milliseconds that we process and react to certain pictures, including images of food, celebrities, and infrequently used words. When the researchers collected and analyzed such patterns from 50 adult participants, ranging in ages from 18 to 43, they were able to create unique brain-based passcodes that identified individuals with 100-percent accuracy and, so far, seem impossible to duplicate.

Study coauthor Sarah Laszlo, a neuroscientist at Binghamton University in New York, told Ars:

We have this sense as humans that our brains are unique and that our cognitive lives are unique, but that hadn’t really been demonstrated in the literature before... I think it’s just reassuring and interesting to know, like really, your mind and your brain is different from everybody else’s. And this is quantifiable proof of that.

Additionally, Laszlo and her colleagues argue that their quantifiable proof of mental uniqueness can be used as a new biometric identifier that could one day replace other biometrics, such as retinal scans and fingerprints. Retinal scans, once stolen, cannot be modified to regain security. And fingerprints can be duplicated from photographs—this happened recently to a German government official. Brain biometrics, on the other hand, can be modified simply by choosing different image patterns and are extremely difficult to surreptitiously capture and duplicate.

Others have tried to use brain activity for biometrics before, Laszlo said. Previous efforts focused on collecting brain waves from a resting mind or one that was focusing on a user-generated passkey, created by thinking about a specific memory or particular object. But, Laszlo explained, the data from those methods was too variable to accurately identify people. Being in a bad mood or being distracted could throw off brain activity patterns.

When Laszlo started the new study, she wasn’t convinced it would work either. But after some preliminary attempts came back with surprisingly good results, Laszlo dove into the research.

For the study, she and colleagues sat participants in a quiet room, one at a time, and fitted them with headgear loaded with 30 brain sensors. The sensors would pick up the continuous electrical chatter of their firing neurons, which show up as graphical squiggles in Laszlo’s measurements. Next, the participants watched as 500 images flashed on a screen in front of them—each image staying for less than a second. (The researchers periodically prompted the participants to push a button during the process, just to make sure they were paying attention throughout the test.)

The pictures were of things like food, celebrities, patterns, and uncommon words. Laszlo said she selected the image categories mostly by intuition, focusing on the types of things that elicit personal responses. People differ in which foods they love and hate, what they think of certain celebrities, and which weird words they know. But the short timeframe to react to the images—on the scale of milliseconds—means that the researchers only capture the participant’s automatic brain processing, something that the participants can’t easily alter at will.

With all the data, the researchers found that they could sort background brain noise (like bad moods and distractions) from the picture-specific activity for each participant. And after analytical whittling, they got each participant’s biometric down to the brain responses for just 27 images, collected from just five sensors near the visual processing area of the brain. And those biometrics could identify individuals with 100-percent accuracy in further tests, which continued for up to 10 months after the published study, Laszlo told Ars.

It’s possible that the brain biometric would need to be reset or recalibrated after longer timeframes, Laszlo admits. But, she notes, we typically reset passwords every now and then, anyway.

Laszlo also isn’t sure if identification accuracy will go down as she and researchers collect brain data from more people. Some people's brain activity patterns may look similar. But, she argues, access to highly classified information or the most secure areas of the Pentagon—things that might warrant a brain biometric authentication—are unlikely to have thousands or even hundreds of users, making the dilution of accuracy less concerning.

In new experiments, Laszlo and her colleagues are trying to mentally hack their system to prove it is secure. So far, she tells Ars, it’s holding up.

The IEEE Transactions on Information Forensics and Security, 2016. DOI: 10.1109/TIFS.2016.2543524 (About DOIs).