Amazon Wants To Replace Passwords With Selfies and Videos

An anonymous reader writes: Amazon has filed a patent application for a technology which would allow consumers to authenticate transactions via selfie or video. As part of the verification process, the computer or mobile device will prompt the user to 'perform certain actions, motions or gestures, such as to smile, blink, or tilt his or her head.' Amazon claims that the introduction of facial recognition technology will make transactions more user friendly and secure than conventional identification methods, such as passwords which can be stolen and hacked.

Re:Photo in front of the camera

[vtcodger]

And what happens if your face in damaged in accident, or you have a stroke, or you die? How do you/your caregivers/the executor of your will, etc get access to information on your phone/computer if it is well protected? Heck, how do you call 911 in an emergency, if your phone decides that you aren't an authorized user? I suspect that digital secrecy and easily accessible encryption may introduce a plethora of problems that no one is paying much attention to.

"Siri. There's a manic with an axe breaking down my door. Call the police."

"I'm sorry 'Dave' or whoever you think you are. I don't think I can do that without your passphrase and an image. Turn up the lights and try again."

Re:Can we stick with passwords?

[Jason+Levine]

If someone gets their hands on a suitable picture or video of me (really not hard to get a photo or video of the average person) and can use that, I'm shit outta luck.

Exactly this. We keep telling everyone not to share their passwords. What's one of the big things people love sharing? Photos of themselves! When you make someone's face their password, you've just turned every selfie they've ever sent into a shared password. How long would it take to compile those "password shares" into something that could fool Amazon's system?

I recently tried an app MSQRD which maps someone else's face onto yours. It works surprisingly well: changing your face into a gorilla or Tony Stark or Barack Obama. You can move your mouth, tilt your head, etc and it keeps working. Now imagine if someone were to make something like that but using all those selfies that someone posted and using the result to fool Amazon's app into thinking that's what you really looked like.

Passwords have their flaws, but those can be mitigated by additional layers of security (e.g. two factor authentication). Facial recognition is one of those things that sounds good in theory, but falls apart on closer observation.