Lenovo Trying Face Recognition For Logins On New Laptops

← Back to Stories (view on slashdot.org)

Lenovo Trying Face Recognition For Logins On New Laptops

Posted by Soulskill on Sunday June 13, 2010 @03:50AM from the careful-about-shaving-that-beard dept.

judgecorp writes "Lenovo's new IdeaPads will be using face recognition as a way to replace passwords for users logging onto the laptops. 'Lenovo's VeriFace combines the Windows login and file encryption to password-protect individual files. It identifies users by matching unique features of their faces to photographs taken by the 1.3-megapixel webcam built into the laptop. When Windows users start up their PCs, a camera window pops up in the login frame. The user then just has to adjust their position so their face appears in the window, and VeriFace logs them in automatically.' That could be good, but is the technology really ready for mass market devices? HP ran into trouble when its face recognition software had trouble recognizing people with darker skin."

44 of 164 comments (clear)

Easy to defeat by Kazymyr · 2010-06-13 03:53 · Score: 3, Informative

Was there any breakthrough in face recognition recently? It was easy to defeat as of last year.
http://www.internetnews.com/security/article.php/3804906/Facial-Recognition-Gets-a-Black-Eye-at-Black-Hat.htm

--
I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
1. Re:Easy to defeat by houstonbofh · 2010-06-13 04:07 · Score: 5, Insightful
  
  It doesn't need to be good, it just has to look good. It's all security theater and marketing.
2. Re:Easy to defeat by garcia · 2010-06-13 04:12 · Score: 2, Funny
  
  Oh, here I thought I just had to fire up http://thehun.com/ and show them one of those facials. Thanks for setting me straight!
Fool it with a picture? by hawguy · 2010-06-13 03:54 · Score: 2, Insightful

What's to keep me from holding up a picture of my coworker in front of the camera when I want to log in to her computer?
This sounds easier to fool than the fingerprint sensors that can be spoofed with silly putty.
1. Re:Fool it with a picture? by biryokumaru · 2010-06-13 04:05 · Score: 2, Insightful
  
  If I'm stealing a total stranger's laptop, I honestly don't give a crap about the data. I'll sell it to someone else who'll reformat it and sell it as "refurbished" on amazon.
  The only people who would ever care about your data are the people who know you, and they would have the capability and foresight to bring a picture. This system is almost as idiotic as security through voice recognition.
  
  --
  When you're afraid to download music illegally in your own home, then the terrorists have won!
2. Re:Fool it with a picture? by hughperkins · 2010-06-13 04:17 · Score: 2, Insightful
  
  Well, the technology may not be there yet, but conceptually, the strongest authentication available is some combination of voice and face recognition, as done by a human.
  eg, if you want a new passport, in England, you have to take a picture, and get someone you know to certify it's a true likeness of you. How does that person know it is you? Well, by seeing how you look like, and listening to your voice. I guess?
  So, from a theoretical point of view, this system is I feel sound. Just, maybe the technology is not quite there yet ;-)
3. Re:Fool it with a picture? by gregorio · 2010-06-13 04:41 · Score: 2, Insightful
  
  Well, the technology may not be there yet, but conceptually, the strongest authentication available is some combination of voice and face recognition, as done by a human.
  
  If you consider just a camera (with no additional sensors spread over a large area), it is a crappy concept. Its the kind of concept that stops being viable once it starts being possible.
  
  Only an awesome 3D camera with an extremely wide angle would not fall into the "just use a printed piece of paper" method. And that non-existent awesome camera would still fall for several other methods, such as well-built models of your face. Even if you're using awesome stereo vision from 2010, the same printed piece of paper in front of any cheap model of a human head will do.
  
  And the kind of AI needed for a computer to detect a person using only image and sound is HARD. So hard that when we actually have this kind of AI, the cheap tech needed to fool it (the hell, to fool real people) will already be available.
  
  eg, if you want a new passport, in England, you have to take a picture, and get someone you know to certify it's a true likeness of you. How does that person know it is you? Well, by seeing how you look like, and listening to your voice. I guess?
  
  The picture allows humans to recognise you. It is meant for humans and humans only.
  
  So, from a theoretical point of view, this system is I feel sound. Just, maybe the technology is not quite there yet ;-)
  
  It depends. If you can afford distributing sensors all over the place, it is POSSIBLE to avoid cheating. You can add cameras and distance sensors over a large area and youll stop most forms of cheating. High-tech cheaters can get away by standing in front of the system and using a special set-up to project a different image inside the camera.
  
  If all you want is a small sensor embedded on a laptop computer, its a stupid concept.
4. Re:Fool it with a picture? by witherstaff · 2010-06-13 04:43 · Score: 2, Funny
  
  Anyone else getting flashbacks from the Space Quest games? I remember you had to photocopy a painting to get past a facial recognition scanner...
Old, old news by toppavak · 2010-06-13 03:55 · Score: 4, Insightful

This has been available on Lenovo IdeaPad laptops since they first launched maybe 2 years ago.
1. Re:Old, old news by toppavak · 2010-06-13 04:01 · Score: 3, Informative
  
  Cnet even ran a piece over a year ago talking about Lenovo's response to subversion of the facial recognition system at a hacker conference. The general gist of the response was basically "we only use it on consumer grade laptops" and "we're constantly working to improve it".
2. Re:Old, old news by Alrescha · 2010-06-13 04:35 · Score: 2, Informative
  
  Facial recognition software came with the Ultraport camera for Thinkpads back in 2000 which would (fairly reliably) unlock your screensaver when you sat down in front of the machine. You could even require that you had to smile to prove you weren't a picture.
  A.
  
  --
  ...bringing you cynical quips since 1998
Ehmmm... Photo? by Ecuador · 2010-06-13 03:56 · Score: 5, Funny

So I can just grab a photo of the user whose PC I want to log onto and show it to the cam?
Much easier to crack than that darn retinal scan that requires me to get the eyeballs of my victim...

--
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
1. Re:Ehmmm... Photo? by $RANDOMLUSER · 2010-06-13 04:12 · Score: 4, Funny
  
  Yeah. What a PITA. Now you have to take their whole head.
  
  --
  No folly is more costly than the folly of intolerant idealism. - Winston Churchill
2. Re:Ehmmm... Photo? by Bigjeff5 · 2010-06-13 04:49 · Score: 4, Insightful
  
  The facial recognition has been circumvented on these with a photo of moderate quality. Since the camera doing the recognition is a 1.3mp camera, the absolute most you'll need to beat it is a 2mp photo, and likely a lot less than that will work. A new/clean driver's license photos might work, but a worn one probably wouldn't.
  The only way I see them preventing a simple photograph from circumventing this is using two cameras, scanning at different angles, and making sure the two images are slightly different but still match. In that case you would need a fairly complicated rig to get the cameras to look at two photos at once in order to fool them. Much better, but not exactly secure.
  As it is now, these are even less secure than fingerprint readers, which can be beaten with a lifted fingerprint (laptop readers require a transparency, but doors can be done with black dust and tape).
  The reality is biometrics never work like the movies. An image of your face can be recorded in high enough quality to fool a scanner, your voice can be recorded in high enough quality to fool a scanner, a good camera (around $1k or so) can even get a high quality copy of your retina from a long enough distance that you'd never know it happened, which could then fool a scanner. Fingerprints have always been a joke to bypass. In many cases you can lift the necessary print right off the scanner - you might as well have a sticky note on the screen with your password on it.
  All of them are easier to bypass than a simple non-dictionary password. A pass-phrase is several orders of magnitude more secure than the lot, and the easiest to remember. It's only when you want to make passwords super secure that people start writing them on stickies and slapping them on their monitors (note that I have actually experienced this in secure government facilities - it's extremely common when very complex passwords are required). You might as well just use biometrics then, for all the good it is doing you.
  
  --
  Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
This would be good for my work Blackberry by hughperkins · 2010-06-13 03:57 · Score: 3, Interesting

Im tired of unlocking my work blackberry with its tiny keyboard every time I want to check the latest email. Security policy mandates we use a long complicated password, which is a total pain to type every time you want to browse the web, or check the map, or whatever.
1. Re:This would be good for my work Blackberry by hughperkins · 2010-06-13 04:19 · Score: 3, Interesting
  
  > An analogy I often use is; "A good way to secure a car is to remove the wheels and put it up on blocks. It just doesn't make a very good car..."
  I bought the cheapest bicycle I could in China, 20 dollars, and it got stolen.
  So I bought the cheapest one again, and hit it with a brick for 10 minutes, until the paint is all scratched up, and the mudguards are dented.
  Hasnt been stolen yet :-D
Face recognition using just a webcam? by JaredOfEuropa · 2010-06-13 03:58 · Score: 3, Interesting

How easy is it to fool this thing? For instance, will holding a picture of the laptop's owner in front of the camera unlock the machine?

To make face recognition more secure, perhaps they should use two camera's and get a 3d scan of the face (can be fooled as well but less easy), or require that the face is moving. Perhaps even ask the user to read a randomly chosen word and lip-read the response.

--
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
1. Re:Face recognition using just a webcam? by wtmoose · 2010-06-13 04:34 · Score: 2, Funny
  
  How about requiring the user to depress a preselected sequence of keys with their nose?
But will it recognize your expression and auto- by cavehobbit · 2010-06-13 03:58 · Score: 2, Funny

-complete to teenSchoolgirlsInIceCream.fap?
facebook by Sporkinum · 2010-06-13 04:00 · Score: 2, Insightful

I have been using it for the past couple of months on my netbook. It does a pretty good job as long as you aren't wearing glasses, and you are well lit. Most of the time, the lighting is not good enough, and I would need to remove my glasses. It seems to do well enough discriminating between other people though. I tried it with several different family members and co workers, and it never allowed them. It will log bad attempts, and save pictures of the attempted logins. It also has a mode to detect if a photo is being used to log in. That seemed to work blocking photos as well. I never tried the encryption mode, but since it is Lenovo, I'd bet it has a back door for the Chinese government.
Unless they get it to work in low light though, it's not ready for prime-time.

--
"He's lost in a 'floyd hole"
Lenovos already use finger print by kaptink · 2010-06-13 04:01 · Score: 2, Insightful

Whats wrong with finger print readers? I have a Lenovo laptop with a finger print reader and I couldnt be happier with it. This article is not entirely correct in saying face recognition to replace passwords since passwords are only used as backup authentication with most existing Lenovos. It sounds interesting but I dont really see the point. Unless of course you dont have fingers but then using a keyboard would be a bit hard to start with. Sound more trouble than its worth tho given skin tone issues.

--
Those who can, do. Those who cannot, sue.
1. Re:Lenovos already use finger print by fuzzyfuzzyfungus · 2010-06-13 04:28 · Score: 2, Interesting
  
  You only get 10 password changes.(not that face readers are any better in that regard).
  
  More realistically, it probably has a lot to do with the fact that fingerprint readers have a per-unit hardware cost, and are typically used to identify the laptop as a "corporate" model, while facial recognition is just software on top of the webcam that virtually all consumer laptops get anyway. It didn't cost nothing to write; but each copy costs nothing to load.
2. Re:Lenovos already use finger print by Bigjeff5 · 2010-06-13 05:01 · Score: 3, Informative
  
  Finger print readers are about the easiest of the biometrics to crack. The press-and-hold type of scanners you can usually just use fingerprint dust and clear tape to fool them, and you can get a good print right off the scanner. For the slide-type readers, you have to lift the finger print then make a transparency to break in. Not exactly difficult.
  Seriously, Mythbusters did an episode on it, and it was shockingly easy to break into a fingerprint locked computer or door.
  Stick with a password if you care anything at all about your data. If you don't want anybody to get your data ever, encrypt and lock your machine with a passphrase. If you just want to nominally lock the machine (like setting the little chain lock on an apartment door or using WEP for your wireless router), then biometrics are fine.
  
  --
  Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Aren't these the laptops that... by Antony-Kyre · 2010-06-13 04:06 · Score: 2, Informative

are full of bloatware? I thought I read somewhere that these rank number one or something.
Re:Who the hell would trust this? by El+Lobo · 2010-06-13 04:16 · Score: 3, Interesting

I have one of the new IdealPads with face recognition. The computers are gorgeous and face recognition works well. The first thing I tried was to print a photography of mine with good quality on a 4 arc of paper to see if i could fool the program to think that it was the real me. It didn't work, so I think it's ***reasonably*** secure.

--
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
so... by smash · 2010-06-13 04:17 · Score: 4, Interesting

.. how does it handle identical twins?

--
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
1. Re:so... by Bigjeff5 · 2010-06-13 05:09 · Score: 2, Insightful
  
  Why just dandy, it will unlock for both of them! And anybody who has a decent photo of either of them too!
  Seriously, the current state of biometrics are laughably insecure. A simple non-dictionary password, even a 6-8 digit PIN, beats a biometric lock any day of the week.
  Basically, when you see a machine or door with a biometric lock, it's like securing your wireless network with WEP. All you are doing is saying "Please don't break in - thanks!" You aren't actually protecting anything.
  Until they can reliably tell the difference between a photo and a live image (they can barely recognize dark faces, let alone discriminate against a photo) this is less than worthless. The same is true for all biometrics - fingerprint scanners can often be beaten with dust and tape, and if not a transparency of the print works as well as the original.
  
  --
  Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Re:Who the hell would trust this? by Venik · 2010-06-13 04:19 · Score: 5, Informative

Lenovo is not breaking any new ground here. My 1.5-year-old Toshiba Qosmio can with face-recognition software. The software works equally well with my face or a 1:1 photo of my face - either color or b/w. I think I will stick with passwords for now.
Beards by aliddell · 2010-06-13 04:29 · Score: 2, Insightful

For someone who grows beards and then shaves them off again as regularly as me, this might be a problem. Good thing I don't buy Lenovo computers.

--
What do you think, sirs?
Denial of Service by Rockoon · 2010-06-13 04:38 · Score: 5, Insightful

Now we get to see articles about a new wave of Denial Of Service exploits:

Method #1 - The Lens Scratch - No need for a special Key! You can use your own!
Method #2 - The Face Punch - Requires shockingly little computational resources!

--
"His name was James Damore."
great by circletimessquare · 2010-06-13 04:55 · Score: 2, Funny

now instead of scalping someone's finger to access their stuff, now i have to pull a hannibal lecter

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Re:Who the hell would trust this? by thebasicsteve · 2010-06-13 04:56 · Score: 2, Informative

This "feature" came installed on my Toshiba Satellite from a year ago. It pretty well sucks, requiring you to have enough light, align your face properly, and turn your head left and right. Takes about 1-2 minutes. Takes me maybe 1-2 seconds to type my random 8 char password...
Re:Terrible Idea by maxwell+demon · 2010-06-13 05:06 · Score: 2, Insightful

What about combining this with a normal password? Then an attacker would need both your picture and your password.
OTOH, you might want to keep a picture of yourself, in case you get injured at your head and the bandage makes your computer not recognize you.

--
The Tao of math: The numbers you can count are not the real numbers.
Re:Lenovo has already "tried" this by toadlife · 2010-06-13 05:08 · Score: 2, Informative

Yup., My Mom bought a Lenovoalso a few years back and it has this and she bought my son a Lenovo netbook which also does this.
The article is pure slashvertisement.

--
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Oh come on by nickdwaters · 2010-06-13 05:09 · Score: 4, Insightful

To those bellyaching about "security", It's targeted at the consumer... not the pinnacle of perfection demanding hyper geek crowd who demands absolute security. You can always disable the face recognition in favor of windoze login. If you are a cyber crook like gifted facial contortionist like Jim Carrey aimed at thieving a user's data great. You know who you are! As far as it having trouble recognizing those with darker complexion, perhaps the low resolution camera combined with poor lighting could be a factor. My laptop doesn't always recognize me in low light, and I just have a nice George Hamilton tan :)
Re:Who the hell would trust this? by 0100010001010011 · 2010-06-13 05:10 · Score: 2, Interesting

Why not both? Haven't slashdotters always said the best security is both something you know (your password) and something you "have" (your face).
Someone gets your password, but doesn't look like you: No entry.
As far as 'holding up a picture" you'd think that with 3D becoming the new fad and tiny cameras being cheap. They'd put 2.
MacBook Pro 2014 1 camera in each corner and the glasses-less 3D technology.
OOo imagine the porn.
People still don't get it.... by Beat+The+Odds · 2010-06-13 05:18 · Score: 2, Insightful

Passwords have a number of things that biological features don't have.
1) They are a secret
2) They can be changed at will
3) They don't require a physical feature (you can keep them in your mind).
Biological features are thought to be great because of their uniqueness. But the problem is that once they are compromised, it is permanent. So they are never good by themselves.
Re:Who the hell would trust this? by Khyber · 2010-06-13 05:32 · Score: 2, Interesting

Dude, this technology is FAR OLDER THAN YOU THINK.
I ran it on an overclocked 180MHz Compaq back in the mid-90s. It did EXACTLY THIS - Face-recognition as a password.

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Re:It doesn't work. by Khyber · 2010-06-13 05:36 · Score: 2, Insightful

"Sometimes it won't let me in even though is my exact same face (maybe different way of combing it)"
You comb your face? Just get a razor, man!

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Re:Who the hell would trust this? by vertinox · 2010-06-13 05:53 · Score: 2, Insightful

You would need either two or 3 cams to pass the 3d test.
Actually that would get past the photo issue, but you'd need to put the cameras on other end of the laptop corners.

--
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Re:Who the hell would trust this? by hey! · 2010-06-13 05:57 · Score: 3, Informative

I didn't even try that, although its an obvious test.
Lenovo's face recognition failed for me because it slows down the login process. Even where it worked right off the bat (which it didn't always) it has to load the software, take the picture, scan it, then analyze it. If your face isn't optimally positioned, you have to stop what you're doing and orient yourself correctly to give the software a chance.
The result was far *slower* than typing a password in, so what was the point? If it were as instantaneous, flexible and reliable as human face recognition, that would be a different matter.

--
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Re:Who the hell would trust this? by DamienRBlack · 2010-06-13 06:05 · Score: 2, Insightful

I think instead of going to a 3D camera, why not just take a video of them turning their face. Or if your worried about someone putting a prerecorded video in front of the camera, maybe you could have the software ask you to say something, then you get both voice recognition and video recognition that can't simply be prerecorded. Seems like the way to go to me.
Why not ? by obarthelemy · 2010-06-13 06:53 · Score: 2, Insightful

1- The best security is something you know + something you have, so password + face sounds good.
2- Oftentimes, when you use only one of the two (password, key card...) or even with both, people misuse security so much (staying logged in, reusing passwords, weak passwords...) that face on its own feels better.
3- And it can re-authenticate periodically without being too intrusive, which is good, too. It could maybe even detect as soon as the user changes ?
The one question is , how often do webcams fail, because the day I'm locked out of my computer by a faulty cam, I'll be pissed.

--
The Cloud - because you don't care if your apps and data are up in the air.
Fingerprints by transami · 2010-06-13 07:01 · Score: 2, Funny

What the hell happened to fingerprint scanners? I thought they'd be on every keyboard by now and we'd be passed all this password crap.

--
:T:R:A:N:S: