This new authentication system asks users to identify familiar faces, rather than enter a password. According to a paper published by PeerJ, this system exploits the fact that humans can recognize familiar faces, even when the image quality is poor. In contrast, recognizing unfamiliar faces is tied to a specific image. So much so that different photos of the same unfamiliar face can be mistaken for different people. Facelock presents a series of face arrays where one face is familiar among unfamiliar ones; all the user needs to do is pick the familiar face. Even if an attacker knows which face the user picks in one authentication, the face will likely be unfamiliar to them in other pictures.
The researchers ran two studies with more than 400 participants including account holders, attackers who were strangers, and attackers who were personal acquaintances. Account holders were told to choose faces of Z-list celebrities that they could pick out of a crowd but were uncommon enough to the general public. After one week, 97.5 percent of account holders could authenticate their accounts. Personal attackers succeeded 6.6 percent of the time after one week and stranger attackers succeeded less than 1 percent of the time. After one year, 86 percent of account holders could still authenticate their accounts. Recognition programs, like Facelock, could potential be the end of the password and the attacks associated with them. Facebook, Google, and other companies would do well to invest in this technology to make their users safer.
Photo credit: screengrab
No comments:
Post a Comment