A newly proposed alternative based on the psychology of face recognition was announced recently.
Dubbed 'Facelock', it could put an end to forgotten passwords, and protect users from prying eyes.
Familiarity with a particular face determines a person's ability to identify it across different photographs and as a result a set of faces that are known only to a single individual can be used to create a personalized 'lock'.
Access is then granted to anyone who demonstrates recognition of the faces across images, and denied to anyone who does not.
To register with the system, users nominate a set of faces that are well known to them, but are not well known to other people. The researchers found that it was surprisingly easy to generate faces that have this property.
For example, a favorite jazz trombonist, or a revered poker player are more than suitable - effectively one person's idol is another person's stranger. By combining faces from across a user's domains of familiarity-say, music and sports- the researchers were able to create a set of faces that were known to that user only. To know all of those faces is then the key to Facelock.
The 'lock' consists of a series of face grids and each grid is constructed so that one face is familiar to the user, whilst all other faces are unfamiliar. Authentication is a matter of simply touching the familiar face in each grid. For the legitimate user, this is a trivial task, as the familiar face stands out from the others. However, a fraudster looking at the same grid hits a problem-none of the faces stand out.
Building authentication around familiarity has several advantages. Unlike password or PIN-based systems, a familiarity-based approach never requires users to commit anything to memory. Nor does it require them to name the faces in order to authenticate.
The only requirement is to indicate which face looks familiar. Psychological research has shown that familiarity with a face is virtually impossible to lose and so this system is naturally robust. In the current study, users authenticated easily even after a one-year interval. In contrast, disused passwords can be forgotten within days.
The study has been published in the journal PeerJ.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app