Using Face Recognition Instead of a PIN Number
coondoggie writes "Face recognition as a unique biometric is growing slowly in certain corporate and consumer applications, but researchers at the University of Houston (UH) are trying to make the technology far more ubiquitous and secure: they want it to replace the dozens of personal identification numbers (PIN), passwords and credit card numbers everyone uses every day.
University researchers developed the URxD face recognition software that uses a three-dimensional snapshot of a person's face to create a unique biometric identifier."
This is stupid for a couple of reasons. The first is that biometrics suck and are usually almost trivial to subvert. See the $10 fake finger, for example. What do you do if somebody hacks your credentials as well? Have facial reconstructive surgery? But even if you had very good biometrics that were hard to fake, it is still less secure than having separate credentials to access everything.
Why is this? Well for the sake of argument, let's suppose it costs £50 to create a duplicate of my chip and pin card that will work in any cash point. I have four such cards in my wallet so the cost of duplicating them all is £200. In order for the biometric to replace my cards completely and be equally secure, it has to cost more than £200 to fake.
The problem is that the unified security mechanism rarely costs more to subvert than all the IDs it replaced. This doesn't just apply to bank cards; it also applies to national ID cards and any centralisation of security.
The fundamental principle here is that centralising security often reduces security. This is something to keep in mind when you're consolidating servers.
Simon
It's an interesting concept. I will agree with that.
Essentially, it uses your face to access your information in a database, which could include bank, credit card, medical, or pretty much anything else desired.
However, all a person then needs to commit fraud is to capture these scans and feed them back to the software...
I'll keep my zero-liability credit cards and my 4- and 6-digit PIN numbers, thank you.
If sharing a song makes you a pirate, what do I have to share to be a ninja?
...that haven't already been cracked?
I hope this system includes some method to check whether the rest of the person apart from the face is present.
Some poor Malaysian fellow has already lost a finger. I'd hate to have my head stolen just to access my bank account.
Ripping a new rectum in the fabric of spacetime.
But the fact that every single one of them has different stupid restrictions. I try to limit myself to two common passwords where possible. One is fairly short, one is quite long.
Recently I needed a new password for a site. I tried the short one. "Your password must be at least X characters." Fine, whatever, that's why I use my long one. "Your password is too long." So a new, made-up one: "Your password must contain at least one number." WTF?
Can we not at least agree on some standard for this? Like many people, I end up having to write this new mangled password down, totally defeating its security.
I do not see, from a code POV, why it matters that the password is less than X characters. Between 5 and 10 characters? WHY? What is wrong with between 5 and 50 characters? Or 5 and 100 characters?
Most people can remember a sentence pretty easily, especially a favourite catchphrase or movie quote; remembering "tuesdaypass442" is not so easy, and thus they get written down. I understand the need for minimum password lengths, but capping the max so low, and so close to the min, is just madness. Give us flexibility in passwords, not some dubious new expensive tech to do the same job.
DRM-free indie games for the PC and Mac: Positech Games
Now the thieves are going to cut off my head, instead of just taking my finger.
Tag this Mission Impossible!
But seriously, all someone would have to do is create a sufficient mask. Perhaps that is tough to do now, but if this idea were to take off, the supplies and instructions for doing so would be available everywhere. And worst of all, you're wearing all of your passwords on your face!
Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
I kinda like the ability to forget or lose my PIN number. I can't exactly lose my face.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Or people looking really alike, I mean, how precise is this thing? What about make up? Trip to the beach? Getting your hair done? Shaving accident?
They are trying to solve a problem (I hate PIN codes) by turning it into a worse problem. Way to go...
Minimum requirements such as character types and length are there to force complexity (to a certain degree). It has nothing to do with how the program is coded.
Also, if you allowed 50-character passwords, I would imagine your password reset/failure support calls/tickets would rise considerably because people forget them.
Someone takes a picture of your face using their cell phone, or takes an existing picture off of myspace, etc. I think it would be pretty damn hard for a camera to do facial recognition unless it truly is a 3D camera -- otherwise you can just stick a picture of the owner's face in front of the lens and you're in business.
Hero of Allacrost, a FOSS RPG for *NIX/*BSD/OS X/Win
As with all biometrics this is stupid and dangerous. Others have already remarked about centralised security meaning higher value. Biometric security means that often the easiest way to subvert the system is to steal you or your body parts. Very few things are worth that to you (your employer or bank might think otherwise; they have different priorities :-)), so never agree to take part in biometrics.
Absolutely for removing restrictions on password lengths. Even worse is when the restrictions are written on the input form, e.g. "Web Password (5-8 characters)", which is an actual example from a bank's online access service.
I don't know about standardizing passwords though, unless it's something really broad, i.e. must have at least one number and be from 6-100 characters. Otherwise it narrows the possibilities down a bit much.
On that note, having only two passwords for all your services is a bit risky, unless they're very good passwords, and you're very careful about where and when you type them, and the sites you're visiting are all trustworthy. I have about 4 or 5 regular-use ones, and all the important stuff like web banking, PayPal, etc. each gets its own separate password.
I disagree, I think "welcome to the real world" is easier to remember than "mypasswrd1". Sentences evoke memories, visual and auditory, which random lumps of characters or artificially squashed single words do not.
Because it requires them to shave.
"Please stick your head in the scanner for face recognition."
*grumble*
"Your face was not recognized, please rub your face with the towel provided and try again."
*damn*
"We failed to recognize your face after several tries. We'll now shave your face for a better recognition result. To stop you moving your head while shaving is in progress, we'll lock your head firmly now."
*shaver pops out*
"NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"
These guys didn't watch "Mission: Impossible"?
Stop it! I swear, if I see one more of these redundant pleonasms on my LCD display, I'm going to explode!
"It's too bad that stupidity isn't painful." - Anton LaVey
Instead of using something that's secret and can be changed, they want to start using something that everyone can see, and is not changeable.
This is a great opportunity- for my evil twin to clean out my bank account!
As if he hasn't haunted me enough already...
It's bogus. I can say this with certainty.
How do I know? Because the exact same maths apply to a different domain, and we'd already have seen developments there if this was true.
Decompilation uses exactly the same abstract mathematical concepts as shape recognition (of which facial recognition clearly is a subset). Just replace "vertices" with assembly-language instructions and the "shapes" to which they may belong with program structures (for / while loops, subroutines &c).
If there was anything in this facial recognition malarkey, somebody would have created a working decompiler by now. That's just a simple application of the law of averages; there are many more hackers out there than there are biometrics researchers. And there's a huge application for a decompiler: the ability to decompile a program which originally was written in, say, Visual BASIC into C++ will mean that programmers can collaborate on a project without having to have a language in common (and, incidentally, it will also mean that Freedoms One and Three can be taken by force like Freedoms Zero and Two). So far, nobody has created such a thing.
It's snake oil, pure and simple.
Plus, I kind of like the extra security layer that I get by having different PINs for all my cards and different passwords for all my online accounts. If someone discovers, say, my Halifax PIN, they'll have to steal my Halifax card. But if they catch me on a day when I'm not carrying that one and steal my Lloyds TSB card or my Abbey National card instead, the Halifax PIN is useless to them (and while I'm sorting out blocking the stolen card, I can change the compromised PIN). Likewise, if someone discovers my Yahoo! Messenger password, they can't impersonate me on Slashdot.
Je fume. Tu fumes. Nous fûmes!
wttrw
w2trw
w2trwrld
Yes, you are right, "welcome to the real world" is easy to remember. And now it will evoke the memory of w2trwrld, which is between 5 and 10 letters and contains one digit, and thus will be accepted as strong on 90% of the passworded applications out there.
Absolutely, anything that involves money has its own secure unique one. I just mean for web forums and subscriptions for stuff.
The reason why it is a bad idea to use your face as a password is that everyone can see your freakin' face. Why not just write your password in black marker on your forehead?
That's secure right?
How we know is more important than what we know.
Never mind the more superficial changes. What if you get mugged and beaten for a different card (or a watch or gadget or something) and have your face beaten up? How does it cope with busted lips, big swollen black eyes, broken noses and worse?
I guess it'd be one way to ensure that people can't take their money out!
You just proved my point. Which of those 3 is your password again?
...what about twins?
- You have to consciously enter a PIN to give it away - unless you're fooled by a complete rebuild of an ATM, you're not likely to enter this particular number anywhere else; but you show your face to everyone in the street, making it trivial to get several photographs of it and even do a 3D reconstruction if desired.
- You can enter a number at a keypad even if severely impaired and under pretty unfriendly conditions (outside ATM in heavy rain, when you're wearing gloves and are a little under the effect of both a cold and cold medicine, say). It's a pretty fool-proof, accessible way of entering a small amount of data. Facial recognition, on the other hand, requires - unless there have been vast advances - very good lighting, a clear image of the face not obscured by sunglasses, intensive make-up or bruises, and no vast changes in hair style or beard growth.
- Image recognition is cost intensive, energy intensive and computationally expensive; a keypad of the highest level, secure and proof against vandalism, will cost what? A couple of hundred bucks at most? To get facial recognition you need light sources that don't interfere with the cameras, the cameras themselves, complex software behind them and - also very important - you need large amounts of data on the facial features. Granted, it might be easy to compress them to a couple of hundred KB if you're willing to sacrifice some accuracy, but compare that with the four or five bytes you need to store a PIN!
- Problem of false negatives and false positives: when I enter a PIN I can usually get it right on the first try; I usually only run into problems when I confuse it with the PIN from another card. Entering it wrongly has happened maybe once or twice in my life, as far as I remember. Now, what are the chances that the facial recognition software will correctly identify me 99.99999% of the time? And how big is the risk that it might mistake another person for me?
- Another thing: right now I can hand my credit card to my brother, tell him to pick me up a little cash from an ATM and give him my PIN and card. Will there be provisions made for you to authorize other people, like your spouse? How many? For how long?
I think it's strange that so many people seem to think just because something is newer it is automatically better than the old technology / method / tool. Don't get me wrong, I love progress - but increasing the failure points of a known and working (if not perfect) system seems like a strange idea to me...
-- Language is a virus from outer space.
Surely the degree of accuracy to which you would have to measure the face to make it unique would imply that a good case of acne would be enough to deny access to your accounts.
...
Or better still, a broken nose? Imagine having to go explain to the bank that you needed to change your PIN because you were drunk and got into a fight at a pub? There goes your chance at getting a home loan.
Servlet v2.4 container in a single 161KB jar file? Try Winstone
What would you use at an ATM machine other than a PIN number?
Plus, having the same password on several websites is an issue. I do this also, but I keep wondering what will happen the day that one of the maintainers of the forum where I registered decides to impersonate me on other forums or even -gasp- on Slashdot. Hopefully, my email password is unique and I can recover some stuff from there...
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
And what happens if I put a photo or a hologram in front of that camera?
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Interesting. Note how the AC freely admits it's a relatively small infraction ("that is a little redundant"), yet still feels the need to call the poster a douchebag and a tool, and instruct him to die. I would conclude that he has a defective sensus of proportionus, and recommend a course of chill pills. Next patient please.
I guess you'd have to have your biometrics updated every few years as you age. More often if you smoke, drink heavily, sunbathe, etc... those things age you faster.
I prefer flambé as opposed to flamebait.
Hi Mr Cliffsky
I would like to tell you about a new internet service that provides, err, information and stuff. Just need you to supply a password. Actually for added security we need 3: a short one, a long one and a middle sized one with a numeric digit in it.
The incidence of decapitations has increased 500%
To see how the hell they are going to have a person walk up to an ATM, and wait for the system to search through potentially billions (or trillions) of biometrics datapoints while it looks for an exact match. Then the system will have to re-run the search so it is sure it has the proper account. This all because some school wants to rid the world of a key (credit/atm card and pin).
Now if you enhance the credit/atm card with a biometric to ensure that the owner of the card is the one using it, that would be a more logical target. The CC/ATM number + pin would have a biometric record to pull and compare. Much quicker and still adding quite a bit of security to the accounts.
There are no loopholes. It's either legal or it's not.
A PIN perhaps.
I don't want people motivated to steal my head / finger / iris / retina along with my wallet. Even if you can tell the difference between a living or a stolen body part, some idiot will try it anyway.
It's a PIN. Not a PIN number.
echo $SIGNATURE
"If its not broken don't fix it."
Clearly some people have a little difficulty remembering PIN codes, but in my opinion it's the best way.
When you start adding security features that require a human component, that's clearly a bad idea.
I would have used the last one; I listed the three to show how I would work it out. Five letters is too short for a password in my world, but then I am somewhat paranoid. As you said, a sentence invokes memories and feelings; if you work one into a password then the sentence will invoke the memory of your work process - as I showed. Or at least it will if you put any amount of conscious effort into choosing a password.
But a PIN is only compatible with an ATM. You need a PIN number in order to use an ATM machine.
Thanks for that, on behalf of my self and other people who are a bit slow today.
Identical Twins
Need I say more?
http://davesboat.blogspot.com/
The next person who makes an acronym joke, I'm going to fire a SAM-Missile like TCP/IP protocol attack on. I'm serious, you're going to need a DC Comics superhero or the skills of an FPS shooter main character to survive this one. First, your FAT table will go, then your NIC card, then all your OSS software, and for the final coupe de gras, I'll translate all your code to the COBOL language.
Yeah, you'll be FUBAR beyond all recognition.
Pulp Audio Weekly - Geek News and Reviews
That degree in Sculpture was a money maker, after all.
It's not "PIN Number", PIN stands for "Personal Identification Number", so you are really saying "Personal Identification Number Number", which is of course a redundancy.
These are all just examples of the terror of the creeping RAS syndrome!
http://en.wikipedia.org/wiki/RAS_syndrome
(RAS=Redundant Acronym Syndrome)
We are supposed to make the system user friendly, because, after all, the end users end up using it. Artificially limiting the user to passwords less than 10 characters long is not quite user friendly, since there will be a subset of users who will want more than 10 characters, to build sentences that are easier to recognize. Furthermore, I don't know much about passwords, but aren't hashes saved in the system anyway, as opposed to encrypted or plain passwords?
now my evil twin is going to clear out my bank account...
http://www.frenchgeek.com/
Actually, it somehow evoked the memory of Waterworld. Dammit.
The gang wouldn't have had to use guns ... they could have just stood in front of ATMs in Washington DC. But not much surf on the Potomac.
It really annoys me that so many alleged security researchers seem to think that biometrics should be used as a replacement for what we have. No, it should be an augmentation. Each different kind of security has different things that are good and bad about it. I'll cover the three I'm aware of (which I believe to be a complete list):
1) Something you have. This would be like a key or a smart card or something. The strength is that if properly designed it should be difficult to impossible to copy and that it has to be physically taken to be used. As such its absence can be noted and you can't get it remotely. The weakness is, of course, that it can in fact be physically taken, and also that many indeed can be copied.
2) Something you know. That'd be a password, PIN, whatever you want. This is something (hopefully) stored only in your head. The strength is that there's nothing to actually come and steal or look at. It's all in your head so someone has to either get you to give it up or they have to intercept it when you enter it. The weakness is of course that it can be intercepted without our knowledge, and if it is there's no way to know other than once unauthorized access has already happened.
3) Something you are. This is a fingerprint, face scan, DNA, whatever. Something that is just a part of you. The advantage is that you can't lose it or have it stolen (barring someone cutting off a limb or something) and it can't be copied, at least not exactly. The disadvantage is that what you are changes and our ability to measure it is limited anyhow. This means there's a limit to the accuracy at which what you are can be checked and still be useful. Thus though an exact copy of you may not be possible, it may be possible to make a mockup or find someone who's close enough to work.
So, because of this, better security comes from using two or three kinds of authentication. Just a biometric measurement isn't any better than a password, maybe worse since you can change a password but changing a face is pretty hard. However a biometric scan, plus a password, plus a token is an ironclad bitch to break. For that someone has to steal your token, find out your password, and construct an acceptable copy of the biometrics, all before you notice something is amiss and have access shut off.
So I'm all for biometrics for things, so long as they are an addition. Unfortunately, way too often I hear them as a replacement.
We get the same crap at work. Everyone's ID has a smart chip in it. So there's talk of making the computers support it. Great idea, password + smart chip = fuck you to remote password crackers and such. Even if the password is simple, you have to steal the smart card which you can't do over the net. However of course everyone doesn't want that, they want JUST the smart card. "Oh I won't have to remember a password anymore!" Great, until someone locally swipes it and then is in as you.
It concerns me, as a Christian, that technology is pursuing biometrics on face or hands to enable buying and selling.
Revelation 13:16-17 (for those who are curious - it's talking about the mark of the beast)
"He also forced everyone, small and great, rich and poor, free and slave, to receive a mark on his right hand or on his forehead, so that no one could buy or sell unless he had the mark, which is the name of the beast or the number of his name."
For those who think it's all a bunch of religious bologna, that's fine. Without reading too much into the mark (speculation can be a big rabbit trail), the principle of the matter is that there will eventually be a time when those of us who have promised not to take such a mark (whatever it may be) will have to opt out - under the threat of certain hardship and persecution. For those of us who are not comfortable with the technology, hopefully there will always be the possibility to opt out.
Privacy is a whole other matter, not to mention that this is a pretty cracked tech. My problem with this whole thing is the precedent...
Where it will be used is in fraud scoring. The Alliance and Leicester trialled small webcam-like devices on ATMs but for some reason took them out of service. Recognition is useful, but it will not be used to block transactions; it will most likely be used to raise a score on a fraud profile for a transaction.
This type of fraud profiling is becoming more important because the UK will be moving to Faster Payments at the end of 2007 - where once banks had 3 days to run scanning products (for terrorist account activity and fraud), they will only have a few minutes. The problem at the moment in the UK is that customers do a lot of electronic payments compared to the USA - so many transactions will not have time for all the fraud checks.
So if someone who looks nothing like my description makes a transaction, then the score will increase on the account, which can then trigger further fraud checks on subsequent transactions.
When I designed and built a fraud detection system for a UK mobile operator, we found that when a handset/number had fraud committed on it, it was usually picked up by lots of the fraud scanners and would stick out like a sore thumb. Each customer would have an associated fraud score and when it reached a certain point, the fraud team would get involved.
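As an added example (not the poster's system or any bank's code), a toy fraud scorer of the kind described above: a poor face match from the ATM camera adds points to the account's score rather than blocking the withdrawal, several scanners contribute independently, old points decay, and the fraud team is paged only when the accumulated score crosses a threshold. All transactions, weights and thresholds are constructed for the demo.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Transaction:
    account: str
    amount: float                       # GBP
    country: str                        # country of the terminal
    at: datetime
    face_match: Optional[float] = None  # 0.0..1.0 similarity from the ATM camera, None if no camera


@dataclass
class Profile:
    home_country: str
    typical_amount: float               # customer's usual withdrawal


Scanner = Callable[[Transaction, Profile, List[Transaction]], Tuple[int, str]]


def scan_face(tx, profile, history):
    """Camera disagrees with the customer on file: add points, never block outright."""
    if tx.face_match is None:
        return 0, ""
    if tx.face_match < 0.3:
        return 35, "face does not resemble account holder"
    if tx.face_match < 0.6:
        return 15, "weak face match (lighting, injury, disguise?)"
    return 0, ""


def scan_amount(tx, profile, history):
    if tx.amount > 4 * profile.typical_amount:
        return 25, "amount far above customer's norm"
    if tx.amount > 2 * profile.typical_amount:
        return 10, "amount above customer's norm"
    return 0, ""


def scan_geo(tx, profile, history):
    if tx.country != profile.home_country:
        return 20, f"terminal outside home country ({tx.country})"
    return 0, ""


def scan_velocity(tx, profile, history):
    recent = [h for h in history if tx.at - h.at <= timedelta(minutes=10)]
    if len(recent) >= 2:
        return 30, f"{len(recent)} earlier withdrawals in the last 10 minutes"
    return 0, ""


SCANNERS: List[Scanner] = [scan_face, scan_amount, scan_geo, scan_velocity]


class FraudScorer:
    REVIEW_THRESHOLD = 60              # constructed: points at which the fraud team is paged
    HALF_LIFE = timedelta(hours=24)    # old points fade so one odd trip does not flag forever

    def __init__(self, profiles: Dict[str, Profile]):
        self.profiles = profiles
        self.scores: Dict[str, Tuple[float, datetime]] = {}
        self.history: Dict[str, List[Transaction]] = {}

    def _decayed_score(self, account: str, now: datetime) -> float:
        score, last = self.scores.get(account, (0.0, now))
        return score * 0.5 ** ((now - last) / self.HALF_LIFE)

    def score(self, tx: Transaction) -> Tuple[int, List[str], bool]:
        """Return (account score after this transaction, reasons, needs_review)."""
        profile = self.profiles[tx.account]
        history = self.history.setdefault(tx.account, [])
        total = self._decayed_score(tx.account, tx.at)
        reasons: List[str] = []
        for scanner in SCANNERS:
            points, why = scanner(tx, profile, history)
            if points:
                total += points
                reasons.append(why)
        self.scores[tx.account] = (total, tx.at)
        history.append(tx)
        rounded = int(round(total))
        return rounded, reasons, rounded >= self.REVIEW_THRESHOLD


def run_demo() -> List[Tuple[int, List[str], bool]]:
    """Constructed day for one customer: a normal withdrawal, a weak face match at home,
    then a large withdrawal abroad by someone the camera does not recognise."""
    scorer = FraudScorer({"alice": Profile(home_country="GB", typical_amount=50.0)})
    t0 = datetime(2007, 6, 1, 9, 0)
    txs = [
        Transaction("alice", 40.0, "GB", t0, face_match=0.9),
        Transaction("alice", 60.0, "GB", t0 + timedelta(hours=1), face_match=0.5),
        Transaction("alice", 250.0, "ES", t0 + timedelta(hours=1, minutes=5), face_match=0.2),
    ]
    return [scorer.score(tx) for tx in txs]


if __name__ == "__main__":
    for total, reasons, flagged in run_demo():
        print(total, "REVIEW" if flagged else "ok", reasons)
```

The second transaction alone (a weak match on a bruised or badly lit face) never reaches the threshold; it is the combination of signals on the third that pages the fraud team.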
> "your password must contain at least one number". WTF?
It means your password won't be a word from a dictionary. You've not heard of `dictionary attacks` then?
> I do not see, from a code POV, why it matters that the password is less than X characters.
I don't see that this has anything to do with coding.
> capping the max so low, and so close to the min, is just madness
The min is obvious. There has to be a maximum. I know of some sites which let you use any length you like, but only the first N is actually checked. This works both ways - great for people like you who want to enter whole sentences, as long as enough is stored to make the password secure.
I don't have a problem with writing down passwords. This allows you to come up with short-ish yet strong passwords like "K8*_2dYD1". The downside with writing them down is just that people might find your password list, but normally you're defending yourself against people who haven't been through your property. If people really want your password and they have access to your password list they probably also have access to your PC and can look for data there, install keyloggers etc.
If you're going to write them down, there are steps you can take to make the information less accessible, such as not identifying which password is for which account; not always writing down the full password or always adding a fixed number of characters to the start of each password which you have to remember not to enter when you're logging in; writing down made up passwords to the list so people waste log-in attempts attempting duff ones etc. You could also not keep the passwords all in one place, or maintain multiple password lists, and keep a decoy list somewhere obvious etc.
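As an added example (not code from any of the posters), the point raised earlier about sites storing hashes rather than passwords, and the "only the first N characters are checked" scheme from this reply, side by side: a salted PBKDF2 hash is the same size whether the password is 8 or 116 characters, so a low maximum length buys the site nothing, while a silent cap throws away everything after the first N characters. The iteration count and sample passwords are constructed for the demo.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # PBKDF2 work factor; constructed value for the demo


def _derive(password: str, salt: bytes, max_len: Optional[int]) -> bytes:
    """Hash the password with PBKDF2-HMAC-SHA256. If max_len is set, only the
    first max_len bytes take part: the 'only the first N is checked' scheme."""
    pw = password.encode("utf-8")
    if max_len is not None:
        pw = pw[:max_len]          # silently drops everything past the cap
    return hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)


def store(password: str, max_len: Optional[int] = None) -> dict:
    """Create the record a site keeps: salt + hash, never the password itself.
    The hash is 32 bytes no matter how long the password is."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt, max_len), "max_len": max_len}


def verify(record: dict, attempt: str) -> bool:
    candidate = _derive(attempt, record["salt"], record["max_len"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def demo() -> dict:
    sentence = "welcome to the real world"
    full = store(sentence)                # whole sentence hashed
    capped = store(sentence, max_len=8)   # only "welcome " (8 bytes) is hashed
    long_pw = "correct horse battery staple " * 4   # 116 characters, no cap needed
    return {
        "full_exact":    verify(full, sentence),
        "full_prefix":   verify(full, "welcome to the real"),    # prefix rejected
        "capped_exact":  verify(capped, sentence),
        "capped_prefix": verify(capped, "welcome to the real"),  # accepted: same 8 bytes
        "capped_other":  verify(capped, "welcome xyz"),          # accepted too
        "long_exact":    verify(store(long_pw), long_pw),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:14s} {ok}")
```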
> remembering "tuesdaypass442" is not so easy
Use a pattern. It is easier to remember and harder to break. qk2mwj3n is not a bad password and the pattern isn't that hard. Keep the same pattern and then extend it for whatever password length you need.
I reserve the write to mangle english.
I thought it was PIN Identification Number Number?
(joke)
Open source, flash charts
I am an identical twin, does this mean that my brother will be able to get into my secret pr0n folder using only his (And my, I guess) god-awful visage?
Bad idea: some people, like myself, have an extremely ugly face which is going to break the camera.
"Error: sorry this machine is not configured for baboons" :-(
monk.e.boy
Those are all good points, but the main problem I see with biometrics is that it puts humans rather than keys/cards/ids between the criminal and their target. With previous tech, the criminal could just wait until no one is around, and steal their keys/cards/tokens. With this approach, the criminal is much more likely to resort to putting a weapon in someone's face, and forcing them to assist in a crime. With a sufficiently principled person, that could lead to death.
Great. Now my evil twin Skippy will be able to blow through my bank account.
A snippet:
"So far, face recognition methods have focused on appearance - capturing, representing, and matching facial characteristics as they appear on two-dimensional images in the visible spectrum. This is quite challenging to machine recognition because such characteristics vary with orientation, age, habits (beard etc.), and illumination. Instead, the UH system uses three-dimensional information."
More info:
I have visited the lab at UofH. They are using IR cameras to scan the face and by using IR data they determine blood flow patterns in the skin, especially around the eyes. The application was first developed as medical imaging tech. From what I understand, the blood flow pattern is unique, making it suitable for ID purposes.
It's "coup de grâce" (with the little hat over the 'a' that I think the
You can't take the sky from me...
"Biometrics" was a technique of the late 19th century. It's as dead as DRM -- IMPOSSIBLE. Even DNA has its problems and the only biometric technique that survived over the last 100 years is fingerprinting, and then we got 'experts' in court that 'go with the flow'.
Ever listen to lawyers debating DRM? We know that's impossible and these idiots would best loosen their ties.
Even if it worked, a society where if you do a "crime", expect the "time" is no Utopia. This is troll, but
the whole abuse of technology by "authority" will never go anywhere. Time to push it in their faces and maybe some see. Can't work, won't work and anyone who believes the authorities will win with this is a sissy. This is the problem with our young hackers today, perhaps it was in my generation too -- but a hell of a lot of people 'got away' with their "crimes". GOOD FOR ALL of THEM!
One thing we must remember is to always be honest about it. I told the BBC I would have their programmes on BSD, DAY ONE! Somehow I see a similarity, but biometrics is dangerous. So what if you pay for everything on Windows. If people start cutting off fingers and other mayhem, that's "Biometrics at work". Push the hackers underground and that's serious, and when "criminals" learn the trade -- You're first America!!!
"Your face was still not recognized, we will now confiscate your head for investigative purposes. Thank you for using face bank!"
*guillotine drops*
WTF are you talking about? How does the lack of a pretty decompiler imply the impossibility of facial recognition?
For one, several different samples of source code could compile down to identical assembly code. Variable names and comments are lost during compilation, so those can't be rebuilt. And different constructs in the high-level language could also boil down to identical machine code during optimization. Still, you can certainly decompile assembly code to express it in a high-level language, but it's going to look like machine-generated code without some human intervention.
With decompilation for translation you also have the problem of certain concepts being easily expressed in one language but not another. For example, Babel Fish can convert a French poem into English, but the literal translation will be awkward in meaning and totally destroyed in rhyme and rhythm. Trying to convert between BASIC and C++ will produce a similar result: a literal translation (which must exist if both languages are Turing complete), but a real mess for a human to read and use.
But that's all irrelevant to facial recognition. That system just needs to compile and compare condensed data (vertices, surfaces, brightnesses) from the face it sees now with the face it's seen before. If the data matches within some tolerance then the ATM can accept that as partial verification of your identity. It doesn't need to construct a full replica of you that your mother would mistake for her own son.
I don't imagine that a static facial image alone will grant a person full access to their account. There needs to be additional verification: a PIN, a credit card, a smart card, a dynamic biometric, and/or a challenge/response. If access were based on face alone then a twin or a thief with a plaster bust could impersonate you. Probably a smart card would be sufficient -- a smart card plus facial recognition is certainly harder to fake than a simple magnetic card plus four digits.
Somebody who didn't read:
The article:
So if the system only needs my face... how does it know I am not under threat to perform whatever action is required?
With my home security system I have two codes, one deactivates the system allowing entry, the second allows entry but immediately calls the police. Both operate exactly the same from the stand point of someone who doesn't know the number.
I guess we could "combine" features, use facial, iris, or other physical, identification with PIN numbers and such for sensitive activities and just allow the non-PIN activities for items not considered critical.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
I remember one system with the requirement that EVERY password in the system should be unique. That's right, if you were trying to register and someone had already used that password, you were given an error message that this password was already used. And what's more, the account of the user that registered first with that password was blocked for "security" reasons.
I think it's time we have a password instead of a PIN. What's hilarious is that, if this PIN was called a password, it would be way too insecure. Some people might want to have crappy passwords, some of us will choose to memorize something longer. Of all the passwords I can think about, I think my PIN would be the last one I would want someone to have, yet it's the least secure.
My bank doesn't have billions of customers. At first, each bank's ATMs would probably only work for their own customers, so the database is cut down to a few million at most. Or the system could be used for granting building access at a school or business, limiting the population to a few thousand.
Anyway, I think facial recognition would have to be used in tandem with a magnetic card or smart card; this is to replace the PIN, not the card. So the ATM already knows who I claim to be and has to check just one set of data points for verification.
Even if you wanted to search for a match among billions of possibilities, is that really so far fetched? You could quickly narrow the possibilities by filtering by a few gross characteristics: head size, aspect ratio, eye spacing. nose length. You'd never actually compare the 3-D data from the user with all of the 3-D data from everybody in the database.
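The two-stage search described in the post above (cheap filtering on gross measurements, then a tolerance comparison of the condensed data) as an added example. This is illustrative code written for this page, not the URxD software or any vendor's matcher; the feature names, tolerances and enrolled templates are all constructed.

```python
"""Toy face-template matcher (added example, not from the thread or URxD).

A template is a constructed feature vector: a few gross measurements
(head aspect ratio, eye spacing, nose length) plus a longer "fine" vector
standing in for condensed 3-D surface data.  Identification (1:N) first
filters the enrolled set on the gross measurements and runs the expensive
comparison only on survivors; verification (1:1, the ATM already knows who
you claim to be) compares exactly one template.
"""
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Template:
    user_id: str
    gross: tuple   # (head_aspect_ratio, eye_spacing_mm, nose_length_mm) -- constructed
    fine: tuple    # condensed surface data -- constructed numbers


GROSS_TOL = (0.05, 3.0, 3.0)  # per-feature tolerance for the cheap filter (assumed)
FINE_TOL = 0.15               # max normalised distance that still counts as a match (assumed)

# Constructed enrolled set: carol's gross measurements are close to alice's
# (so she survives the coarse filter) but her fine data is very different.
ALICE = Template("alice", (0.72, 63.0, 50.0), (0.10, 0.20, 0.30, 0.40))
BOB = Template("bob", (0.80, 70.0, 55.0), (0.50, 0.10, 0.30, 0.20))
CAROL = Template("carol", (0.71, 62.0, 49.0), (0.90, 0.80, 0.10, 0.30))
ENROLLED = [ALICE, BOB, CAROL]

# Constructed probe: alice captured again with a little sensor noise.
PROBE = Template("?", (0.73, 64.0, 51.0), (0.12, 0.18, 0.33, 0.41))


def coarse_filter(probe, enrolled):
    """Cheap pre-filter: keep templates whose gross features are all within tolerance."""
    return [t for t in enrolled
            if all(abs(p - g) <= tol
                   for p, g, tol in zip(probe.gross, t.gross, GROSS_TOL))]


def fine_distance(a, b):
    """Normalised Euclidean distance between fine vectors (0.0 means identical)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b))) / math.sqrt(len(a))


def verify(probe, claimed):
    """1:1 check: does the probe match the single template of the claimed identity?"""
    return fine_distance(probe.fine, claimed.fine) <= FINE_TOL


def identify(probe, enrolled):
    """1:N search: coarse filter first, then the fine comparison on survivors."""
    return [t.user_id for t in coarse_filter(probe, enrolled) if verify(probe, t)]


if __name__ == "__main__":
    print("coarse survivors:", [t.user_id for t in coarse_filter(PROBE, ENROLLED)])
    print("identified as:", identify(PROBE, ENROLLED))
    print("verify as bob:", verify(PROBE, BOB))
```

The tolerance constants are the whole security story here: loosen FINE_TOL and a plaster bust or a look-alike gets in (false accept); tighten it and a beard or a sunburn locks the owner out (false reject). That trade-off is why the thread keeps coming back to pairing the face with a card or PIN rather than replacing them.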
Bill Gates mask.
this is the most important sig ever! In your face 446154!
Oh no, what will the bank think of my new beard?
Couldn't agree more with the multi-factor biometrics authentication story ("what you have" / "what you know" / "who you are"). The real problem with the facial recognition is the equipment required to install it anywhere where you would need a password challenge. I don't expect either banks or consumers to be running out and buying cameras to mount at all terminals where a password challenge is required. Hardware like that is expensive. And frankly, ATM security seems to be pretty fine for most folks because it is multifactor (know the PIN + have the card).
No, there are other places where biometrics security makes a lot more sense. I'm a big fan of speaker identification & verification, especially for over the phone transactions. Especially as the world goes mobile. Who wants to key in a password via T9 when you can accomplish the same thing with the voice channel built into the phone? And it's something you have (phone/ANI), something you are (voiceprint), something you know (spoken password... you know, like "Big Boy"). Best part -- no expensive hardware.
Disclosure: Yes, I work at a company that sells the stuff. I prefer to think that makes me a subject-matter expert, not a shill.
~Idarubicin
I wonder how this works exactly. What if you become fat? What if some Mission: Impossible fanboy decides to make a silicon replica of your face and go check your bank records, huh? They call that security? Before, to get someone's password, you 1: needed to know their mother's birthday or 2: use torture. Now, you can take your replica sword from some anime and chop the guy's head off. Right.
Yeah, and I'm used to using my PIN Number at my ATM Machine.
Come on guys, none of you are Space Quest ]I[ fans?
Doppelgänger. Enough said...
The game.
That's where medical science changed a man's face.
How would plastic surgery affect this form of biometrics? IE Facelifts...
Life takes interesting turns, but the most interest is when you're off the beaten path.
You have to consciously enter a PIN to give it away - unless you're fooled by a complete rebuild of an ATM, you're not likely to enter this particular number anywhere else
It has happened over and over again. People use their ATM cards to enter indoor bank terminals (that's pretty common in Europe at least). Crooks have set up key pads and card copying devices instead of the card swipers, successfully copying thousands of cards together with pin code information. Also ATM machines have been successfully and repeatedly modified to copy the ATM cards inserted. A little camera mounted close to the ATM key pad recorded the PIN entered by unsuspecting victims.
but you show your face to everyone in the street, making it trivial to get several photographs of it and even do a 3D reconstruction if desired
If you know how to make such a 3D copy from a few random camera images, a lot of people would pay you wads of cash for that. There was until recently a 3D scanner lab operating at Stanford University (http://graphics.stanford.edu/projects/mich/), which used complicated equipment to achieve this task. Even there I'm not sure whether you can reproduce the detail required to pass biometric face verification.
Facial recognition, on the other hand, requires - unless there have been vast advances - very good lighting, a clear image of the face not obscured by sunglasses, intensive make-up or bruises, and no vast changes in hair style or beard growth
Every one-hour photo shop clerk can tell you how to create consistent lighting for a mug shot. Believe me that biometric equipment makers either have figured this out by now or are going out of business shortly. Believe me, the face being unobscured by sunglasses will be happily provided by its rightful owner if he wants access to a room protected by a biometric verification system or to his money through a biometric ATM machine. Make-up is virtually invisible if you work with infrared light - pretty much standard nowadays. If you have ever had any experience with biometric face verification you know that the mouth part of your face is not considered by face verification software because it changes too much - beards, body fat, movable jaws.
Image recognition is cost intensive, energy intensive and computationally expensive; a keypad of the highest level, secure and proof against vandalism will cost what? A couple of hundred bucks at most?
I have no idea where you got that from. An infrared flash is vastly less energy intensive than the CRT display of most ATM machines in use today; the same holds for LCD. The cost is as close to zero as you want it. As far as computational power is concerned: an Intel Celeron M running at 1.5 GHz does a high quality face comparison in well under a second. So your keypad may be cheaper in the short run. But you forgot about additional costs because people forget their PINs or leave notes with that info lying around where it can be seen by not so honest folks.
To get facial recognition you need light sources that don't interfere with the cameras
Every disposable camera maker has figured this out by now.
the cameras themselves
US$10 buys you decent OEM camera modules doing 640x480 at 30 fps
complex software behind them
Which you need to write once but this has been done already
you need large amounts of data on the facial features. Granted, it might be easy to compress them to a couple of hundred kb's if you're willing to sacrifice some accuracy
Have you ever worked with any kind of biometric system before? Images of faces are condensed down to a few kB at the moment and yield fantastically low false acceptance and false rejection rates. Even if you compress your mug shot with JPEG, 20 kB can do the job quite well.
Problem of false negatives and
...replace the dozens of personal identification numbers (PIN)... The crucial mistake is the term replace. If they wanted to add facial recognition, that would be great. Instead of ranting on this for the 10,000th time, I'll just provide the link to Two-factor authentication
Ahh yes, expanding the frontiers of re-redundancy!
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
What happens when (and this happens ALL the time) I need to give my bank card to my girlfriend or one of my close friends? Are they supposed to just take my face with them? Correct me if I'm wrong, but I thought that we invented ATM machines and bank cards for convenience. Nothing convenient about having to go and take out money for someone else because they can't use my card that I authorize them to use.
http://biometrics.cse.msu.edu/abstracts.html#face3 d
We've had this going on at msu for years now. 3d face modeling and such for pin #'s, etc.
The 3d face recog technology was demonstrated on local news with the head of our CSE department and the main team members for the project. It's actually pretty cool..but somehow I feel like they're getting shafted while other schools try to do the same thing.
VERY BAD IDEA Victims Heads will soon be carried around from ATM to ATM. Use YOUR head while it is still attached to your body and read this: http://teaminfinity.com/robo_WAGELESS_headintact
The Future is already here, just unevenly distributed... THE ROBOTIC WAGELESS ECONOMY NOW! http://RoboEco.com/slash
I did some research on usability analysis for "Face PIN" (a face number doesn't make sense but anyway), which does not replace the PIN but instead helps you reconstruct the number using a grid of faces. It seems that people tend to remember faces quite easily. It will also eliminate any social engineering since your faces cannot be communicated verbally. One scheme is to use 4 different grids of numbered faces where each face represents one digit in your PIN. Those grids can be placed on the back of your credit card. There are drawbacks and solutions as such, of course, but I'm not going to mention them now. Check this site which has a similar scheme about faces: http://www.realuser.com/
Face PIN is already patented, I'm just doing the usability analysis.
I fully agree that "PIN Number", "ATM Machine", "NIC card", et al, are some of the most irritating things (up there with pluralizing with an apostrophe).
"NT", though, is more than an abbreviation. In this usage, it's a proper noun. Saying "NT Technology" is no more silly or redundant than saying "Linux Technology".
What about using your ATM card at the grocery store or a gas station? Are all these places that currently accept ATM cards going to have to implement these face recognition cameras? You know that isn't going to happen. So, are we then going to have to use a credit card. Wouldn't that partially defeat the purpose? I just don't see this as feasible.
Are we all lost in darkness or have we just not turned on the lights?
No, it's "personal PIN identification number." You can't completely understand this unless you're eating a pizza pie while drinking chai tea.
I've fallen off your lawn, and I can't get up.
The only biometrics I would trust would be an EEG style device that measured your brainwaves as you either thought about a specific memory, or twitched some muscles in sequence. That way, the password is still internal, but non-reproducible even if someone watches you to see what muscles you twitched. And, there's no issue like someone cutting off your finger to use for a finger scan because you have to be alive, cognizant, and (likely) not under fear of death for it to work.
That said, the minor OCD in me says "eww, head lice".
The first is that biometrics suck and are usually almost trivial to subvert.
Okay sure, spend $50 on some sensor or $150 on sensor+lock and it will accept a fake finger. But that's not your average biometric installation.
What do you do if somebody hacks your credentials as well?
If the bad guy wants in, he won't try to reproduce your *face* to get in. This is just absurd.
The problem is that the unified security mechanism rarely costs more to subvert then all the IDs it replaced.
Except biometric installations aren't replacing many access control mechanisms with one. This just isn't happening right now. Later on when stupid people implement biometric authentication, it probably will. They'll probably buy the $50 biometric device too. **Good** biometric systems are expensive and the people paying for them want the best and they normally get it.
The fundamental principle here is that centralising security often reduces security.
As stated before, this is not what's happening in biometric installations. Yes, it's quite true with servers. But biometric installations and servers are not comparable.
Finally, biometrics is an excellent solution to some problems. As the technology continues to improve, it will only get better.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Goddamnit. PIN is Personal Identification Number. STOP SAYING PIN NUMBER. That means Personal Identification Number Number, asshole.
Biometric systems are sold on the premise that everyone has unique qualities they carry around with them. And, while this is true, the ability of even the most sophisticated system to quantify that is still limited.
Quantification usually takes the form of reducing physical qualities to numbers and checking the numbers just read against the numbers stored, usually with a hefty margin of error. It's a guarantee you could do a plastic mock-up of a face that would read true and wouldn't fool a myopic five year old.
The T is for Ten, not Technology
When I walk into my bank they already do face recognition, it's astounding. Of course, if I go to a different branch they require a different set of identifications. It's uncanny how the teller recognizes me. It even worked when I was wearing a hat and had a sunburn. Their system was even a bit concerned about it! Amazing.
Phonetic misspelling should be nipped in the butt.
Obama likes poor people so much, he wants to make more of them.
Because those would take up too much room in the database :P
It's scary how many sites have max length limits, which implies that they're storing passwords unhashed -- even scarier is when you *know* sites are storing passwords unhashed, because every time they send you a bit of physical mail your username and password is printed across the top of it. An example of this is UCAS, an organisation with vast amounts of personal information about pretty much every university student in the UK.
A related weird one is UK student finance, who require you to have an ID number (10 digits) one password (5-10 letters, no punctuation (to stop SQL injection?), and at least one number), and one security question* -- and you have to answer all of the questions every time...
* with a very limited range of questions -- "who is your favourite football team?", "what's your favourite band?", "where did you meet your current boy/girlfriend?", none of which applied to me, but all of which could be trivially socially engineered in 90% of cases.
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
Old Days: MIT Guide to Lockpicking New Times: Learn to Sculpt Faces
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
From: IT department
Re: Biometric authentication update
Dear users,
As you may know, we here in IT are always on the cutting edge of technology and security. We have been investigating new methods of user authentication for some time, and have finally selected the technology that we intend to use. From now on, all user authentication will be done using facial recognition biometric technology. This will, unfortunately, force us to make some changes to several of our long-standing policies with respect to authentication. These changes are necessary, as users will no longer have a "password" in the normal sense of the word. Instead, a user's face will play the part of a "password" on the company network. The following is a set of changes to our corporate password policy:
We realize these changes may take some getting used to, but we are certain that you will all feel better knowing that our corporate data is secure. After all, everything we read seems to agree that biometric authentication is the next big thing, so we are certain that within a few years, everyone will be doing this.
Sincerely,
Your IT department.
Pound! Bang! Bin! Bash! is this a shell script or a Batman comic?
Several highly moderated folks have said this is a bad idea. But it's not a bad idea to check for biometric data like faces, fingerprints, etc. It's a bad idea to use those instead of passwords, rather than in addition to passwords.
I think it was Bruce Schneier who grouped authentication mechanisms into three kinds: something you have (like a physical key or device), something you are (like your retinal pattern) and something you know (like a password). You can great security by combining these mechanisms; requiring both a PIN and a facial recognition scheme. If you use all three, you can even conveniently replace keys when they get lost (so long as the user knows his password and passes biometrics) or replace passwords when they're forgotten (so long as the user has her physical object and passes biometrics).
When I moderate, I only use "-1, Overrated". That way, I never get meta-moderated!
Which manufacturer? Where did they buy it? Who provided the application that accepted a photocopy?
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Well, if it was just the PI Number, then everyone would be typing 3.141592653589793238462643383279502884197169399375 10..... and so on on the keypad forever!
The
Just create an eight-character password with one number and one capital letter. It will work just about anywhere (you might need a spot of punctuation on rare occasions, in which case just stick a period on the end). Password requirements may be inconsistent in borderline cases, but if you just stay away from the borderline there's no problem.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
http://iqbio.blogspot.com/ had a blurb on what you claim. Both applications (a door lock and a sensor on a laptop) are crappy.
Spending several thousands of dollars for a door lock and several hundred for a proper access control peripheral would defy mythbuster tests. It also would make bad tv, so you'll never hear about it.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
For your viewing enjoyment, I present to you the Northwestern University IT Password rules:
Your password must:
Your password cannot:
Oh, and they make us change them every ninety freaking days. I will never understand why any site anywhere has a MAXIMUM password length; doesn't that reduce security, if anything?
The reason why it is a bad idea to use your face as a password is that everyone can see your freakin' face.
I've heard of image processing techniques that take 2-D photos and extrapolate 3-D information based upon shading, info about light sources, etc. Might it not be possible to create a "fake face" that is close enough to fool facial recognition systems? It really IS like taking a Jiffy marker and writing your PIN on your forehead.
Perhaps you could make facial recognition systems strict enough to detect such a fake, but if you did that then you'd get too many false positives. What would happen, for example, if RMS decided he was finally going to get a shave and a haircut? He'd be frozen out of his bank accounts! I can tell you from personal experience with fingerprint systems that they royally SUCK because they are too damn picky (it isn't a nice experience after an afternoon at West Edmonton's World Waterpark to be denied access to your towel, street clothes, wallet and car keys because your fingerprints have shrunken just enough from the water to keep you out of your locker). I would NEVER want this sort of technology to keep me from my cash at an ATM!
Another issue with using biometric info as a PIN is that it makes it impossible to follow the advice your bank always gives you--that is, to use a different PIN for each account. It's not like I can just switch faces from one moment to the next.
At my last job, we had a very interesting password policy. All passwords had to be known to the Admin and could not be changed. Then, all the passwords were printed out, mailed overseas to our corporate headquarters and stored in a safe. Sadly, since it was such a pain to change passwords (or to retrieve them if one was forgotten) the Admin assigned everyone the same password - the name of the company.
Any plan which depends on a fundamental change in human behavior is doomed from the start.
Actually going to their site does provide a bit more of details since they are not the only university researching this. Lets see...
-They are using a 1 pod system for capturing 3d data. Most image-based 3d-capture systems use 2 (or more) pods so that the pictures taken are at sufficiently different angles for the 3d reconstruction. This is important since a 1 pod system is probably a more stable system (bumping a 2 pod system can often send it out of alignment, requiring a recalibration).
-They are using an infrared image to remove things like hair and glasses. I know from experience that most image based scanners have problems capturing hair and get screwed up by glasses. The projected light pattern used for the reconstruction gets lost easily in the hair. Glasses distort the light, causing interesting artifacts like spikes shooting from the rims or the lenses caving into the face.
What about f(hash(hash(nameOfSite)+hash(username)+hash(key))) ?
f() is a function to transform the hash according to the requirements of the password. I've started using a version of this I wrote myself for my passwords. I can change the key every six months or whatever and just remember the previous one for any occasionally-used logins.
My next step is to get it in a form I can use locally on my phone, so not even the source code is trivially available to others (it's a web page at the mo). Paranoid? Moi? (Actually, can you run a local html/js file on Symbian? Presumably the iPhone would do this happily, anyone know?)
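The derivation scheme sketched in the post above, written out as an added example (this is my code for this page, not the poster's own script). Two things are my assumptions rather than the post's: the inner hash is swapped for PBKDF2, a slow key-stretching function, because a fast hash lets anyone who recovers one derived password brute-force the master key offline; and the f() step forces one character from each required class into positions chosen by the derived bytes, so the result meets a typical "lower, upper, digit, punctuation" policy without a retry loop. Site, username and master key values are constructed.

```python
"""Deterministic per-site passwords (added example, not the poster's code).

site_password(site, user, master_key) -> a 16-character password that is
the same every time for the same inputs, different across sites, and
guaranteed to contain a lowercase letter, an uppercase letter, a digit
and a punctuation character.  Rotating the master key rotates every
derived password; the old key only needs remembering for stale logins,
as the post describes.
"""
import hashlib
import string

PUNCT = "!@#$%^&*()-_=+"                     # assumed: punctuation most sites accept
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, PUNCT)
ALPHABET = "".join(CLASSES)                  # 76 symbols


def derive_raw(site, username, master_key, iterations=200_000, dklen=64):
    """Key-stretched per-site secret: PBKDF2-HMAC-SHA256 over the master key,
    salted with hash(site) || hash(username) (mirrors the post's hash(nameOfSite)+hash(username))."""
    salt = (hashlib.sha256(site.encode()).digest()
            + hashlib.sha256(username.encode()).digest())
    return hashlib.pbkdf2_hmac("sha256", master_key.encode(), salt, iterations, dklen=dklen)


def shape(raw, length=16, classes=CLASSES, alphabet=ALPHABET):
    """The post's f(): map derived bytes onto a password that satisfies the class policy.

    The first `length` bytes pick characters from the full alphabet.  Two further
    bytes per class pick (a) a position to overwrite and (b) the character from that
    class, so every class is present without a trial-and-error loop.  Needs
    length + 2*len(classes) bytes of raw material."""
    if len(raw) < length + 2 * len(classes):
        raise ValueError("not enough derived bytes for this length")
    chars = [alphabet[b % len(alphabet)] for b in raw[:length]]
    used = set()
    for i, cls in enumerate(classes):
        pos_byte, chr_byte = raw[length + 2 * i], raw[length + 2 * i + 1]
        pos = pos_byte % length
        while pos in used:                     # never overwrite a slot already forced
            pos = (pos + 1) % length
        used.add(pos)
        chars[pos] = cls[chr_byte % len(cls)]
    return "".join(chars)


def site_password(site, username, master_key, length=16):
    return shape(derive_raw(site, username, master_key), length)


def meets_policy(password, classes=CLASSES):
    """True if the password contains at least one character from every class."""
    return all(any(c in cls for c in password) for cls in classes)


if __name__ == "__main__":
    # constructed inputs
    print(site_password("example.com", "alice", "correct horse battery staple"))
```

The unavoidable weakness of any scheme like this is the one the thread already hints at: the master key is a single point of failure, and sites that cap length or silently truncate the password will quietly reduce the entropy you think you are getting.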
I was thinking the other day about protection for really secret stuff (far more secret than anything I have, obviously). If you're likely to get tortured what you really need is a second password that gives access to extensive but fake data, to throw them off the trail!
Fair enough, but I imagine checking anything less than 5 characters with brute force is fairly trivial for a modern PC these days.
Have gnu, will travel.
"The Alliance and leicester trialled small webcam like devices on ATMs but for some reason took them out of service."
Probably because they had too large a false acceptance rate (FAR). The thing is, with the technology in the article you use a special enrolling phase. If you already have someone's head enrolled in good quality, it becomes much easier. Furthermore, unless the faces were linked to the card (which I highly doubt), they would have to do N:N comparisons. Anyone could be in front of the camera, and could be any one of xxx fraud suspects. With the technology in the article, the system has already identified the person, and the system is only used for 1:1 comparisons. Which are, say, 1000 times easier to do.
Normally, these cameras are used to give the police a mugshot after the fact, although it would be a pretty stupid thief to be caught like that. Then again, petty theft thieves usually are.
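Putting a number on the "1000 times easier" remark above, as an added example (mine, not the poster's). The only assumption is that each comparison falsely accepts independently with the same probability; the rates used are illustrative, not measurements of any product.

```python
"""How false accept rate (FAR) scales from 1:1 verification to 1:N search.
Added example; assumes independent comparisons with equal per-comparison FAR."""


def system_far(per_comparison_far, n_templates):
    """Probability that at least one of n independent comparisons falsely accepts.
    With n = 1 this is just the per-comparison FAR (the 1:1 case)."""
    return 1.0 - (1.0 - per_comparison_far) ** n_templates


def required_per_comparison_far(target_system_far, n_templates):
    """Per-comparison FAR each match must achieve so the whole 1:N search
    stays at the target system-level FAR."""
    return 1.0 - (1.0 - target_system_far) ** (1.0 / n_templates)


def difficulty_ratio(target_system_far, n_templates):
    """How many times stricter each comparison must be for 1:N than for 1:1
    at the same system-level FAR (roughly n for small rates)."""
    return target_system_far / required_per_comparison_far(target_system_far, n_templates)


if __name__ == "__main__":
    p = 1e-3   # illustrative per-comparison FAR of 0.1%
    for n in (1, 100, 1000):
        print(f"N={n:5d}: system FAR {system_far(p, n):.4f}, "
              f"each comparison must be {difficulty_ratio(p, n):.0f}x stricter")
```

With a 0.1% per-comparison FAR, a 1:1 check stays at 0.1%, while searching 1000 unlinked templates falsely accepts about 63% of the time; holding the whole search at 0.1% means each comparison has to be roughly a thousand times stricter, which is why linking the face to the card matters more than the matcher's raw accuracy.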
Catwoman can't scratch her itch for more surgery. Her automated bank refused to positively ID her.
Model behavior!
http://news.bbc.co.uk/1/low/health/732472.stm
I'm sorry, did you actually mean to reply to my post? I don't see where you wrote anything related to what I wrote.
At some point in the future, we'll be reading a humorous story about how someone put a picture of a butt up there, and "George Bush*" gets recognized, or vice versa.
* Or politician-of-the-month at that point in history
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Face Recognition Vendor Test with actual tests and results.
http://frvt.org/
HowStuffWorks page on face recognition. See page 3 on Surface Texture Analysis to see how changes in face features do not break face recognition using that method. (ie, the distance between your eyes, shape of your eyes, skin texture on cheeks and forehead, etc. are all used to recognize a face.)
http://computer.howstuffworks.com/facial-recognition.htm
Brief introduction discussing 2D and 3D face biometrics. Notes how 3D imaging of faces defeats someone using a photo to fake the system.
http://www.3dface.org/home/introduction.html
MIT article talking about face recognition in detail (actually, discusses results of the FRVT 2006 test from first link).
http://www.technologyreview.com/printer_friendly_article.aspx?id=18796
Also, some of these articles mention "liveness." This is a test where the camera takes multiple images, or is actually a video camera where every frame is analyzed (yes, you can analyze almost every frame in decent quality video for faces on a regular desktop PC). The algorithm looks for blinking eyes, slight movements in head position, etc, to ensure that the subject is "alive" and not a photo/fake.
Last note, the Surface Texture Analysis method can distinguish between identical twins. One company, Identix, has publicly tested this and challenged twins to present themselves to be identified. The system successfully identified each twin differently from the other. Even considering makeup, etc. (I can't find a good link for the test results, though there are several statements by Identix that their software ABIS 3.0 can distinguish between identical twins.)
> Huh? Hashes (of the same type, obviously) are always the same length, no matter what the initial string is. There is never any technical reason to
> reject any password, no matter how many (or few) or which characters the password contains.
Who mentioned hashes? I know of a site where only the first 8 characters are used, even though you can enter more. This provides a false sense of security. Suppose your password was:
simpsons_st1nky!
because you always postfix your password with a strong-ish nondictionary attackable set of characters. If they're not being stored, or used as part of the hash, then your password is vulnerable. Better to let the user have all the information and make their own decision. Either that or always make a hash on the full password, and just store the hash.
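The silent-truncation problem from the post above, and the max-length/unhashed-storage complaint earlier in the thread, demonstrated side by side as an added example (my code, not from either poster). It uses the post's own sample password; the salt is a constructed constant, and PBKDF2 from the standard library stands in for whatever password hash a site should be using.

```python
"""Truncated vs full-password hashing (added example, not from the thread).

store_truncated() reproduces the behaviour the post describes: only the first
8 characters influence the stored value, so "simpsons_st1nky!" and "simpsons"
are the same credential.  store_full() hashes every byte with a slow KDF, so
the suffix the user bothered to add actually counts.
"""
import hashlib
import hmac

SALT = b"constructed-fixed-salt"   # constructed; a real store uses a random per-user salt
KEEP = 8                           # how many characters the legacy site silently keeps


def store_truncated(password, salt=SALT, keep=KEEP):
    """Legacy behaviour: characters beyond `keep` never reach the hash."""
    return hashlib.sha256(salt + password[:keep].encode()).hexdigest()


def store_full(password, salt=SALT, iterations=100_000):
    """Hardened form: slow KDF over the entire password, no length cap."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def check(stored, candidate, store_fn):
    """Constant-time comparison of a login attempt against the stored value."""
    return hmac.compare_digest(stored, store_fn(candidate))


def suffix_matters(password, store_fn):
    """True if changing the part after the first KEEP characters changes the stored value."""
    altered = password[:KEEP] + "X" * len(password[KEEP:])
    return store_fn(password) != store_fn(altered)


if __name__ == "__main__":
    real = "simpsons_st1nky!"          # the post's example
    for name, fn in (("truncated", store_truncated), ("full", store_full)):
        stored = fn(real)
        print(f"{name:9s}: 'simpsons' logs in? {check(stored, 'simpsons', fn)}; "
              f"suffix matters? {suffix_matters(real, fn)}")
```

A maximum length on the form is the tell: a site that hashes the whole password has no technical reason to cap it (beyond a sanity bound against multi-megabyte inputs). One genuine caveat is that some password hashes do have an input limit, bcrypt stops at 72 bytes for instance, so a site using one of those should pre-hash long passwords rather than let the library truncate them silently.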
What I do is enter my passwords on the list with something like fg***cs where I know what those stars are and they are the same for each password so even if someone got a hold of my sheet, it really wouldn't help them much unless they had a lot of time on their hands. Downside is that once they crack one, they have them all.
It is the mark of an educated mind to be able to entertain a thought without accepting it.
What happens if you have an Evil twin?
dnuof eruc rof aixelsid
My apologies, the content of my reply was to the parent of your post, but it was your mention of hashes that set me off.
Yes, this is a good point. It would get a bit difficult if people all had N layers of false data to traipse through, and everyone knew this was a likelihood. I'm sure there are people out there who do it, though.
What about a false PIN in case you get frog-marched to an ATM and forced to take out money at gunpoint? A code that a) alerts the police and b) limits the apparent balance might be useful. Then again, I suppose CCTV would probably catch it near a bank, and you can be insured against that sort of thing.
Dude, your post so rips off the above one by andy666.
No problem. I was just rather confused. It happens a lot when you reach my age.
I'm more concerned about my good twin brother!