Amazon Wants To Replace Passwords With Selfies and Videos (thestack.com)
An anonymous reader writes: Amazon has filed a patent application for a technology which would allow consumers to authenticate transactions via selfie or video. As part of the verification process, the computer or mobile device will prompt the user to 'perform certain actions, motions or gestures, such as to smile, blink, or tilt his or her head.' Amazon claims that the introduction of facial recognition technology will make transactions more user friendly and secure than conventional identification methods, such as passwords which can be stolen and hacked.
Exactly this. We keep telling everyone not to share their passwords. What's one of the big things people love sharing? Photos of themselves! When you make someone's face their password, you've just turned every selfie they've ever sent into a shared password. How long would it take to compile those "password shares" into something that could fool Amazon's system?
I recently tried an app MSQRD which maps someone else's face onto yours. It works surprisingly well: changing your face into a gorilla or Tony Stark or Barack Obama. You can move your mouth, tilt your head, etc and it keeps working. Now imagine if someone were to make something like that but using all those selfies that someone posted and using the result to fool Amazon's app into thinking that's what you really looked like.
Passwords have their flaws, but those can be mitigated by additional layers of security (e.g. two factor authentication). Facial recognition is one of those things that sounds good in theory, but falls apart on closer observation.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.