[anologwintermut]

Having been in that session, no one I met thought at all highly about the second paper.

First, it was unlikely you'd actually ever enter sensitive data while using one of those EEGs( as they are only used in games). Ironically, If you deployed this authentication method, you'd actually be providing an exploit vector since you could plausibly alter the authentication game to cause to measure something more sinister

This is important because the second complaint everyone had was the usenix paper didn't actually read information covertly. They asked you to think about your PIN number and flashed digits on screen to see if you recognized them(not covert at all). Effectively this was stuff that was known to be doable with medical grade EEGs years ago.

Of course, if you basically have an authentication mechanism that mimics there awful experiment, the results might actually apply.