Slashdot Mirror

← Back to Stories (view on slashdot.org)

Amazon Wants To Replace Passwords With Selfies and Videos (thestack.com)

Posted by timothy on from the what-about-gestures? dept.

An anonymous reader writes: Amazon has filed a patent application for a technology which would allow consumers to authenticate transactions via selfie or video. As part of the verification process, the computer or mobile device will prompt the user to 'perform certain actions, motions or gestures, such as to smile, blink, or tilt his or her head.' Amazon claims that the introduction of facial recognition technology will make transactions more user friendly and secure than conventional identification methods, such as passwords which can be stolen and hacked.

18 of 125 comments (clear)

  1. Re:Laugh by tiberus · · Score: 4, Funny

    'perform certain actions, motions or gestures, such as to smile, blink, or tilt his or her head.'

    As if Amazon isn't bad enough, now it's just downright creepy.'

    Creepy isn't quite the word that comes to mind, more like pervy.
    Just what "certain actions, motions or gestures" we talkin' 'bout here? Just wanna know if I'm gonna have to clean up afterward...

  2. Re:Photo in front of the camera by squiggleslash · · Score: 2

    Then you're going to have a problem when the computer tells you to tilt your head.

    --
    You are not alone. This is not normal. None of this is normal.
  3. Can we stick with passwords? by YukariHirai · · Score: 3, Insightful

    I'm not too optimistic about systems like this. Sure, passwords can be stolen, but if you're careful they can be kept secret, and they can be changed if need be. But my face? If someone gets their hands on a suitable picture or video of me (really not hard to get a photo or video of the average person) and can use that, I'm shit outta luck. And on the other hand, I'm also concerned that an automated system could decide that I don't look like me; the state of my beard at the time or whatever throwing it off.

    So in short, interesting idea, but probably not all that practical.

    1. Re:Can we stick with passwords? by Max_W · · Score: 3, Funny

      ...But my face? If someone gets their hands on a suitable picture or video of me (really not hard to get a photo or video of the average person) and can use that, I'm shit outta luck. ...

      A Niqb could be a solution, at least for women: https://en.wikipedia.org/wiki/...

    2. Re:Can we stick with passwords? by Jason+Levine · · Score: 3, Interesting

      If someone gets their hands on a suitable picture or video of me (really not hard to get a photo or video of the average person) and can use that, I'm shit outta luck.

      Exactly this. We keep telling everyone not to share their passwords. What's one of the big things people love sharing? Photos of themselves! When you make someone's face their password, you've just turned every selfie they've ever sent into a shared password. How long would it take to compile those "password shares" into something that could fool Amazon's system?

      I recently tried an app MSQRD which maps someone else's face onto yours. It works surprisingly well: changing your face into a gorilla or Tony Stark or Barack Obama. You can move your mouth, tilt your head, etc and it keeps working. Now imagine if someone were to make something like that but using all those selfies that someone posted and using the result to fool Amazon's app into thinking that's what you really looked like.

      Passwords have their flaws, but those can be mitigated by additional layers of security (e.g. two factor authentication). Facial recognition is one of those things that sounds good in theory, but falls apart on closer observation.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    3. Re:Can we stick with passwords? by I4ko · · Score: 3, Insightful

      How about the system recognizes the blood on my face and the knife on my throat or the gun next to my head. Using faces for passwords is as ridiculous as using fingerprints for passwords. Biometrics should only be used for usernames, passwords should be something you know, not something that you are.

  4. Multiyear Prime subscriber here... by rmdingler · · Score: 3, Insightful
    No. No. Hell no, Amazon.

    Allegedly for help with the troublesome task of entering passwords from a mobile device, this co-opting of the device's camera function is a bit too Orwellian.

    And if I get to where I can't use a mobile phone keyboard, I will use a tablet or just wait till I get my ass home.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  5. Reverse Engineering Social Engineering by fibonacci8 · · Score: 2

    Great, catfishing is already popular, so someone had to come up with a form of security easily thwarted by it?

    --
    Inheritance is the sincerest form of nepotism.
  6. Re:Photo in front of the camera by vtcodger · · Score: 2, Interesting

    And what happens if your face in damaged in accident, or you have a stroke, or you die? How do you/your caregivers/the executor of your will, etc get access to information on your phone/computer if it is well protected? Heck, how do you call 911 in an emergency, if your phone decides that you aren't an authorized user? I suspect that digital secrecy and easily accessible encryption may introduce a plethora of problems that no one is paying much attention to.

    "Siri. There's a manic with an axe breaking down my door. Call the police."

    "I'm sorry 'Dave' or whoever you think you are. I don't think I can do that without your passphrase and an image. Turn up the lights and try again."

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  7. Re:Photo in front of the camera by Joe_Dragon · · Score: 3, Insightful

    You can dial 911 from the lock screen.

  8. Re:Laugh by crunchy_one · · Score: 2

    My gesture to Amazon: Middle finger up.

  9. Re:Laugh by rmdingler · · Score: 2
    "I'm sorry Mr. One. That password is already in use.

    Please choose again. Suggestion: middle finger up with the pinkie of your left hand inside your right ear."

    You just tried it to see if your pinkie would reach, didn't you?

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  10. Security by JasterBobaMereel · · Score: 5, Insightful

    The 3 factors are
    Something you know : Password
    Something you have : Key
    Something you are : Biometrics

    also known as
    Something you forgot
    Something you lost
    Something you cease to be ...

    --
    Puteulanus fenestra mortis
  11. Uh, less secure than passwords by evolutionary · · Score: 2

    People are funny. They sell less secure technologies as more secure. Fingerprint passwords for example: Just grab a coffee mug, or better yet, a paper cup from a user who goes to Starbucks/Second Cup and presto! I have your password. Now we want to use photos? Graphic images or videos that are possibly published on Facebook (or Google+or some other social media). That is even easier to copy. We've all see that voice passwords can be duplicated, especially with snooping devices over cell phones (which we know the police use now). At least with passwords, they are easy to change and require an expert sniffer or getting into someone's head. Not perfect, and yes they are broken, but it take in my observation more work then getting a fingerprint, or better yet a selfie that has been transmitted to friends, family and every server/transmissions repeater point/server farm in between. You can argue passwords travel between servers too, but people send to send their favorite selfie to everyone. In other words, people are far more careless with selfies than passwords (Unless you are one of those in the dark ages still using relative/loved one's name with no numbers). Oh, it would also require us to remove the black tape many of us put over our phones/tablets/laptops to prevent hackers/backdoor users (aka government) from using our phones to invade our privacy. Even more insecurity.

    --
    "Imagination is more important than knowledge" - Einstein
  12. Re:Photo in front of the camera by hoggoth · · Score: 4, Funny

    > How do you/your caregivers/the executor of your will, etc get access

    "Hold your dear departed father up straight! Ok, now tilt his head to the left. No! HIS left!"

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  13. Re:Photo in front of the camera by wonkey_monkey · · Score: 3, Insightful

    And what happens if your face in damaged in accident, or you have a stroke, or you die?

    Then, if it was really important, you would have hopefully already set up a way for someone you trust to get your password (which, contrary to the headline, is not being "replaced" in the most literal sense) and then they can get access to your stuff.

    I can't help feeling your doom-mongering is a bit like saying, "They want us to start cars with keys? What if I lose my keys?!" We seem to have managed okay with such a system so far.

    --
    systemd is Roko's Basilisk.
  14. Flawed by wkwilley2 · · Score: 3, Insightful

    Face recognition is all fine and well till you grow a beard, or have a stroke.

    --
    Have you ever fallen asleep at the keybhanusdiog?
  15. Re:Laugh by sootman · · Score: 2

    Well-endowed girls everywhere will be complaining, "Why does Amazon always want me to jump up and down?!?"

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.