August 13, 2019
Your Face Is the Password You Will Never Forget
MIT, the prestigious research university, was the birthplace of an era that is swiftly coming to an end. The password era. The first password – as we understand it now – was coined there and ironically, it is also there that the first data breach took place.
The security trend of the 60s was knowledge-based authentication but storage space and limited resources hardly allowed for detailed information to be kept in the Compatible Time-Sharing System of MIT. Therefore, the CTSS team devised passwords for every person using a shared terminal. The form of those passwords is not of consequence, rather the actions that followed.
To log in more work hours, one of the researchers simply printed all the passwords and used one at random to access the terminal a second time. He wasn’t the only one. The password shenanigans had begun.
Fast forward 60 years later and we haven’t gotten much more careful with them.
The average employee shares 6 passwords with their co-workers and reuses them from work to private domains more frequently than you’d assume.
Meanwhile, 80% of hacking-related breaches involve compromised and weak credentials and 29% of all breaches last year involved the use of stolen credentials, yet we continue to resort to the same two-three combinations of letters, numbers and special characters.
Time and time again, we craft passwords for new accounts and then resort to reminders and password manager apps when we fail to remember them.
We are complicating our lives unnecessarily, especially considering the fact that a better security system has been on the market for a while now: biometric security.
Passwords, on the brink of extinction
Deemed unfit for our security needs in the ever-changing tech landscape, passwords are giving way to biometrics – unique human characteristics by which each and every one of us can be identified.
Fingerprints, iris, face, veins, voice are the most well-known and used human metrics as registration and authentication methods. Nowadays, they represent the most sophisticated digital form of security, yet biometrics used as identification means dates back to Babylonian times, when fingerprints in clay were as good as a signature.
Hundreds of years later, the industrial revolution played a key role in making anthropometrics popular in law enforcement proceedings. Then, US authorities encouraged the automation of fingerprint recognition and funded the development of fingerprint scanners.
The 90s saw breakthroughs in vascular pattern recognition, iris recognition, the first successful face detection experiment and the first commercial iris product, culminating with the enrollment of over 65,000 people through hand geometry at the Olympic Games.
However, the general public became aware of the power of biometric security only in 2001, after the media took a keen interest in the use of face recognition at the Super Bowl. Months later, in the heart of New York City, the 9/11 attacks acted as a catalyst, establishing the need for biometrics as a homeland security measure.
Since then, governments have embraced biometrics as the passwords of a new era, extremely difficult and sometimes impossible to hack, steal and alter.
Individuals, however, have watched the transition from password security to biometric security with wary eyes, until 10 years ago when phone manufacturers placed biometric security measures in their palms, offering fingerprint recognition as an alternative means of unlocking their mobile devices.
Today, passwords have become the pariahs of the new digital world. California intends to make creating generic passwords such as “admin” and “password” illegal by 2020, while Microsoft has obtained FIDO2 certification for its Windows Hello biometric security system to work not only on-device but also for in the cloud services.
In the realm of face recognition, 2018 was the “make it or break it year”, with many companies racing to launch products that made user authentication seamless and secure. Our team stood out from the crowd by releasing a one-of-a-kind, cutting-edge 3D face recognition solution.
Securing your wallet: from credit cards to naked payments
The nature of the most common data breaches today is of tremendous importance when considering a new and improved security system. People do not only seek data privacy for their work emails, personal chats and family photos, but more importantly, financial payments.
Nowadays, there are more web-based credit card transactions than physical ones, so it is no surprise that the driver of most data breaches is financial gain. To protect customers against such attacks, banks needed to embrace a system where passwords could not be guessed or hacked like in the old days.
Switching to contactless payments was the first step taken in that direction and now, leaving our physical cards behind seems the logical follow-up. More and more users are using their phones to pay at terminals, a sign that convenience, besides security, remains a strong incentive.
What comes next? Biometric payments. Mobile companies are thinking long term, issuing virtual cards in collaboration with banks, cards that do not have numbers attached to it and that live on the mobile device. Making a payment with such cards is done biometrically, by using the user’s fingerprint or face, depending on the device they possess.
One the other hand, startups are boldly testing naked payments, proposing vein scans as means of authentication, but the infrastructure is still years away from making that particular option viable.
Face recognition, although, is already on millions of mobile devices to the point where by 2020, we could see more than a billion of them ship with this technology.
What makes face recognition so attractive to users? Convenience, speed, security. 3D face recognition, in particular, is seamless, touchless, fast and more accurate by adding another layer to the equation, which makes it harder to be fooled by photos or videos.
We believe 3D, neural-based face recognition solutions are the most advanced type of face-based biometrics security you can have today. The 3D component is key to generating a 3D map of the user’s face, therefore easily identifying anti-spoofing attacks when confronted with a picture or a video of a person versus the real individual.
Generating a 3D map can be done in multiple ways, depending on the system of cameras employed.
Structured light systems work by projecting a known pattern on the device’s field of view. The way the pattern deforms when encountering a human face is a tell-tale sign that the subject in question is the owner of the device, a mask substituting it or an intruder.
Time of Flight systems use instead a beam of light which is projected onto the subject, only to then capture the reflected light. This system calculates the tiny phase variation in the time-of-flight of photons of light signal between the emitter and the sensor. By doing so, it can create a depth map that 3D face recognition solutions can use to determine the identity of the subject.
In both cases, the accuracy of the depth map is extremely important. The higher the number of projected dots, the more accurate the solution using a structured light system will be. Alternatively, the higher the sensor resolution, the more precise the time of flight solution is going to be.
Choosing the best 3D face recognition on the market can be a demanding venture for both businesses and end users. After all, in the decision-making process, factors like compatibility, false acceptance and false recognition rates, optimization and reliability in the context of external forces are paramount.
FaceSafe, the shield we need today
With these in mind, we have created FaceSafe, a neural-based, 3D face recognition solution that is depth-agnostic and optimized to ensure power and system cost savings.
FaceSafe features deep learning technologies, which means that the solution has been trained on an initial dataset to recognize a person from different angles and in different environments. It also implies that after the initial registration, the solution is capable of learning multiple angles of a user’s face in different lighting and background situations so each authentication runs smoothly when attempted by the enrolled user(s) on the device.
Our computer vision technology is depth-agnostic and therefore, it is compatible with structured light, time-of-flight and stereoscopic systems. FaceSafe can adapt to the manufacturer’s choice of sensor and technology.
Regardless of the system used, after the initial enrollment, FaceSafe translates the visual information into secured key data, not 3D scan or picture. The data is then stored on device and is used to verify the identity of the user each time it is prompted to do so.
We wanted to cover all our grounds so FaceSafe also comes with liveness detection. This means our solution will also analyze contextual information, texture, user interaction and depth at every authentication attempt.
In the future, FaceSafe could be always-on if supported by a dedicated, custom hardware accelerator like our image processing unit (IPU), which ensures that the entire process is perfectly optimized. In this scenario, FaceSafe could lock the device it works on during idle periods or can block it when detecting unregistered users trying to access it.
How does such an advanced solution fare now? We are proud to say that FaceSafe has a very low false recognition rate, with a low false rejection rate. FaceSafe can prevent print attacks, replay/video attacks and 3D mask attacks for a safe user experience.
Breaking the fourth wall. Securely
Where can FaceSafe and face recognition solutions go from here? Right now, 3D face recognition is used to unlock mobile devices and make financial payments. Are there ways to use them to better people’s lives beyond that? We believe so.
Unconsciously, we have broken the fourth wall. Our daily lives, observed passively by the devices surrounding us, have started to intertwine with the digital lives of our devices. We have knocked on the display to the point of breaking it and reaching to speak with the Siris and Alexas on the other side.
We have allowed our devices to know our names, habits, friends, likes and dislikes. More so, we are asking them questions, expecting answers from items that until recently, we have considered “things”.
In homes or at offices, where multiple people live and work, we have set up user profiles, so each individual can have its own experience. Therefore, it is fair to assume that our interaction with our devices will only increase in the years to follow, as well as our need to protect the information that we share with them.
In the near future, we believe biometric solutions will not only unlock our phones and help us make secure payments, but ensure the safety of individually-crafted experiences. At home, each member of the family will have its own user profile on smart speakers. Thanks to voice recognition, for example, these devices will know what greeting to use with each individual in the morning or what traffic recommendations to offer.
Smart lighting systems with cameras will customize the intensity of the light and its cast according to each user’s preference. Family members could set different user profiles on their TV to get diverse recommendations and then, instead of using multiple passwords to access them, simply rely on the TV’s embedded cameras or microphones to recognize them.
The same could happen with smart kitchen appliances, walk-in showers, cars, and even outside the home. Employees could have custom elevator experiences when reaching their office. Medical check-ups could go faster if doctors would see the history of the patient not by pulling up a chart, but by accessing their digital profiles as soon as the patients would enter the clinic, fitted with cameras and face recognition solutions.
Biometrics, such as face recognition, are not only the natural step on the evolution scale, a better, improved type of password. We believe they are keys to not only keep our information under lock but open up a whole new digital world where machines and humans meet halfway.
Sumat Mehra has been part of the digital imaging revolution since 1988 and witnessed the growth of imaging technology from inside of large corporations as well as start-ups. Sumat has held positions in core research in image quality, product development for mature productization, and led strategic marketing, product marketing, as well as sales and business development teams. He has worked in imaging science, medical image processing, astronomical imaging, pure image quality R&D, and imaging standardization. Today, Sumat is focused on building winning customer relationships with companies focused on imaging and audio devices in the mobile markets.Back to Stories