Using Face Recognition Instead of a PIN Number
coondoggie writes "Face recognition as a unique biometric is growing slowly in certain corporate and consumer applications, but researchers at the University of Houston (UH) are trying to make the technology far more ubiquitous and secure: they want it to replace the dozens of personal identification numbers (PIN), passwords and credit card numbers everyone uses every day.
University researchers developed the URxD face recognition software that uses a three-dimensional snapshot of a person's face to create a unique biometric identifier."
This is stupid for a couple of reasons. The first is that biometrics suck and are usually almost trivial to subvert. See the $10 fake finger, for an example. What do you do if somebody hacks your credentials as well? Have facial re-constructive surgery? But even if you had very good biometrics that were hard to fake, it is still less secure than having separate credentials to access everything.
Why is this? Well for the sake of argument, let's suppose it costs £50 to create a duplicate of my chip and pin card that will work in any cash point. I have four such cards in my wallet so the cost of duplicating them all is £200. In order for the biometric to replace my cards completely and be equally secure, it has to cost more than £200 to fake.
The problem is that the unified security mechanism rarely costs more to subvert than all the IDs it replaced. This doesn't just apply to bank-cards; it also applies to national ID cards and any centralisation of security.
The fundamental principle here is that centralising security often reduces security. This is something to keep in mind when you're consolidating servers.
Simon
I hope this system includes some method to check whether the rest of the person apart from the face is present.
Some poor Malaysian fellow has already lost a finger. I'd hate to have my head stolen just to access my bank account.
Ripping a new rectum in the fabric of spacetime.
But the fact that every single one of them has different stupid restrictions. I try to limit myself to two common passwords where possible. One is fairly short, one is quite long.
Recently I needed a new password for a site. I tried the short one. "your password must be at least X characters". Fine, whatever, that's why I use my long one, "your password is too long", so a new, made-up one "your password must contain at least one number". WTF?
Can we not at least agree some standard on this? Like many people I end up having to write this new mangled password down, totally defeating its security.
I do not see, from a code POV, why it matters that the password is less than X characters. Between 5 and 10 characters? WHY? What is wrong with between 5 and 50 characters? Or 5 and 100 characters?
Most people can remember a sentence pretty easily, especially a favourite catchphrase or movie quote; remembering "tuesdaypass442" is not so easy, and thus they get written down. I understand the need for minimum pass lengths, but capping the max so low, and so close to the min, is just madness. Give us flexibility in passwords, not some dubious new expensive tech to do the same job.
DRM-free indie games for the PC and Mac: Positech Games
Instead of using something that's secret and can be changed, they want to start using something that everyone can see, and is not changeable.
The reason why it is a bad idea to use your face as a password is that everyone can see your freakin' face. Why not just write your password in black marker on your forehead?
That's secure right?
How we know is more important than what we know.
The next person who makes an acronym joke, I'm going to fire a SAM-Missile like TCP/IP protocol attack on. I'm serious, you're going to need a DC Comics superhero or the skills of an FPS shooter main character to survive this one. First, your FAT table will go, then your NIC card, then all your OSS software, and for the final coupe de gras, I'll translate all your code to the COBOL language.
Yeah, you'll be FUBAR beyond all recognition.
Pulp Audio Weekly - Geek News and Reviews