Let’s face it; remembering five to ten passwords is not only difficult, but highly improbable given how infrequently some of those passwords have to be recalled. How often does one log onto their HR benefits page anyway; once every few months at most? What if memorability doesn’t have to be a trade-off for security? A new security concept dubbed “Facelock” leverages humankind’s ability to discern recognizable faces from those of strangers to create a different sort of password.
The principles exploited by Facelock are rooted in decade’s worth of psychological research substantiating that humans are able to recognize familiar faces across a wide range of images, regardless of image quality. In other words, faces are almost impossible to forget. Alternatively, unfamiliar faces are linked to a specific images; so much so, that the same unfamiliar face is perceived as another person in a different photo.
A study conducted by researchers from the University of York and Glasgow, explored Facelock’s feasibility as a mechanism for blocking access to a program or device. Users were tasked with accessing accounts by selecting faces they recognized from a grid of nine unfamiliar faces while “hackers” attempted to guess the authentication key. The results: the hackers failed every attempt at cracking the code because it’s surprisingly easy to generate faces of substantial value. The key lies in nominating face-passwords from specific niches known only to user, such as one’s favorite Korean drama actor, rather than something as pervasive as a rapper.
The lock itself consists of a series of faces arranged in a three by three grid, where eight are unfamiliar and one is recognizable (by the user). The familiar face is generated from a pre-conceived list selected by the user. Authentication is accomplished by simply touching or clicking the familiar face.
There are several advantages to building a security system centered on face recognition. First of all, there’s no need to commit anything new to memory since face recollection comes naturally to humans without damage to the fusiform gyrus region of their brain. The University of York and Glasgow study observed that 86% of users had absolutely no difficulty authenticating their accounts through Facelock even after a year interval, whereas unused passwords were forgotten within a few days. In other words, Facelock is extremely robust.
Secondly, faking face familiarity is on par with pretending to speak a language you don’t know, according to the study’s lead author, Dr. Rob Jenkins. Volunteer hackers were asked to perform a series of authentications after closely studying an authentication performed on a two by two face grid. Suffice to say, they were unable to steadily recognize the same face across a range of images.
Learn more about Electronic Products Magazine