Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lenovo Trying Face Recognition For Logins On New Laptops

Posted by Soulskill on from the careful-about-shaving-that-beard dept.

judgecorp writes "Lenovo's new IdeaPads will be using face recognition as a way to replace passwords for users logging onto the laptops. 'Lenovo's VeriFace combines the Windows login and file encryption to password-protect individual files. It identifies users by matching unique features of their faces to photographs taken by the 1.3-megapixel webcam built into the laptop. When Windows users start up their PCs, a camera window pops up in the login frame. The user then just has to adjust their position so their face appears in the window, and VeriFace logs them in automatically.' That could be good, but is the technology really ready for mass market devices? HP ran into trouble when its face recognition software had trouble recognizing people with darker skin."

17 of 164 comments (clear)

  1. Easy to defeat by Kazymyr · · Score: 3, Informative

    Was there any breakthrough in face recognition recently? It was easy to defeat as of last year.

    http://www.internetnews.com/security/article.php/3804906/Facial-Recognition-Gets-a-Black-Eye-at-Black-Hat.htm

    --
    I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
    1. Re:Easy to defeat by houstonbofh · · Score: 5, Insightful

      It doesn't need to be good, it just has to look good. It's all security theater and marketing.

  2. Old, old news by toppavak · · Score: 4, Insightful

    This has been available on Lenovo IdeaPad laptops since they first launched maybe 2 years ago.

    1. Re:Old, old news by toppavak · · Score: 3, Informative

      Cnet even ran a piece over a year ago talking about Lenovo's response to subversion of the facial recognition system at a hacker conference. The general gist of the response was basically "we only use it on consumer grade laptops" and "we're constantly working to improve it".

  3. Ehmmm... Photo? by Ecuador · · Score: 5, Funny

    So I can just grab a photo of the user whose PC I want to log onto and show it to the cam?
    Much easier to crack than that darn retinal scan that requires me to get the eyeballs of my victim...

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
    1. Re:Ehmmm... Photo? by $RANDOMLUSER · · Score: 4, Funny

      Yeah. What a PITA. Now you have to take their whole head.

      --
      No folly is more costly than the folly of intolerant idealism. - Winston Churchill
    2. Re:Ehmmm... Photo? by Bigjeff5 · · Score: 4, Insightful

      The facial recognition has been circumvented on these with a photo of moderate quality. Since the camera doing the recognition is a 1.3mp camera, the absolute most you'll need to beat it is a 2mp photo, and likely a lot less than that will work. A new/clean driver's license photos might work, but a worn one probably wouldn't.

      The only way I see them preventing a simple photograph from circumventing this is using two cameras, scanning at different angles, and making sure the two images are slightly different but still match. In that case you would need a fairly complicated rig to get the cameras to look at two photos at once in order to fool them. Much better, but not exactly secure.

      As it is now, these are even less secure than fingerprint readers, which can be beaten with a lifted fingerprint (laptop readers require a transparency, but doors can be done with black dust and tape).

      The reality is biometrics never work like the movies. An image of your face can be recorded in high enough quality to fool a scanner, your voice can be recorded in high enough quality to fool a scanner, a good camera (around $1k or so) can even get a high quality copy of your retina from a long enough distance that you'd never know it happened, which could then fool a scanner. Fingerprints have always been a joke to bypass. In many cases you can lift the necessary print right off the scanner - you might as well have a sticky note on the screen with your password on it.

      All of them are easier to bypass than a simple non-dictionary password. A pass-phrase is several orders of magnitude more secure than the lot, and the easiest to remember. It's only when you want to make passwords super secure that people start writing them on stickies and slapping them on their monitors (note that I have actually experienced this in secure government facilities - it's extremely common when very complex passwords are required). You might as well just use biometrics then, for all the good it is doing you.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
  4. This would be good for my work Blackberry by hughperkins · · Score: 3, Interesting

    Im tired of unlocking my work blackberry with its tiny keyboard every time I want to check the latest email. Security policy mandates we use a long complicated password, which is a total pain to type every time you want to browse the web, or check the map, or whatever.

    1. Re:This would be good for my work Blackberry by hughperkins · · Score: 3, Interesting

      > An analogy I often use is; "A good way to secure a car is to remove the wheels and put it up on blocks. It just doesn't make a very good car..."

      I bought the cheapest bicycle I could in China, 20 dollars, and it got stolen.

      So I bought the cheapest one again, and hit it with a brick for 10 minutes, until the paint is all scratched up, and the mudguards are dented.

      Hasnt been stolen yet :-D

  5. Face recognition using just a webcam? by JaredOfEuropa · · Score: 3, Interesting

    How easy is it to fool this thing? For instance, will holding a picture of the laptop's owner in front of the camera unlock the machine?

    To make face recognition more secure, perhaps they should use two camera's and get a 3d scan of the face (can be fooled as well but less easy), or require that the face is moving. Perhaps even ask the user to read a randomly chosen word and lip-read the response.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  6. Re:Who the hell would trust this? by El+Lobo · · Score: 3, Interesting

    I have one of the new IdealPads with face recognition. The computers are gorgeous and face recognition works well. The first thing I tried was to print a photography of mine with good quality on a 4 arc of paper to see if i could fool the program to think that it was the real me. It didn't work, so I think it's ***reasonably*** secure.

    --
    It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
  7. so... by smash · · Score: 4, Interesting

    .. how does it handle identical twins?

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  8. Re:Who the hell would trust this? by Venik · · Score: 5, Informative

    Lenovo is not breaking any new ground here. My 1.5-year-old Toshiba Qosmio can with face-recognition software. The software works equally well with my face or a 1:1 photo of my face - either color or b/w. I think I will stick with passwords for now.

  9. Denial of Service by Rockoon · · Score: 5, Insightful

    Now we get to see articles about a new wave of Denial Of Service exploits:

    Method #1 - The Lens Scratch - No need for a special Key! You can use your own!
    Method #2 - The Face Punch - Requires shockingly little computational resources!

    --
    "His name was James Damore."
  10. Re:Lenovos already use finger print by Bigjeff5 · · Score: 3, Informative

    Finger print readers are about the easiest of the biometrics to crack. The press-and-hold type of scanners you can usually just use fingerprint dust and clear tape to fool them, and you can get a good print right off the scanner. For the slide-type readers, you have to lift the finger print then make a transparency to break in. Not exactly difficult.

    Seriously, Mythbusters did an episode on it, and it was shockingly easy to break into a fingerprint locked computer or door.

    Stick with a password if you care anything at all about your data. If you don't want anybody to get your data ever, encrypt and lock your machine with a passphrase. If you just want to nominally lock the machine (like setting the little chain lock on an apartment door or using WEP for your wireless router), then biometrics are fine.

    --
    Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
  11. Oh come on by nickdwaters · · Score: 4, Insightful

    To those bellyaching about "security", It's targeted at the consumer... not the pinnacle of perfection demanding hyper geek crowd who demands absolute security. You can always disable the face recognition in favor of windoze login. If you are a cyber crook like gifted facial contortionist like Jim Carrey aimed at thieving a user's data great. You know who you are! As far as it having trouble recognizing those with darker complexion, perhaps the low resolution camera combined with poor lighting could be a factor. My laptop doesn't always recognize me in low light, and I just have a nice George Hamilton tan :)

  12. Re:Who the hell would trust this? by hey! · · Score: 3, Informative

    I didn't even try that, although its an obvious test.

    Lenovo's face recognition failed for me because it slows down the login process. Even where it worked right off the bat (which it didn't always) it has to load the software, take the picture, scan it, then analyze it. If your face isn't optimally positioned, you have to stop what you're doing and orient yourself correctly to give the software a chance.

    The result was far *slower* than typing a password in, so what was the point? If it were as instantaneous, flexible and reliable as human face recognition, that would be a different matter.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.