Using Face Recognition Instead of a PIN Number

coondoggie writes "Face recognition as a unique biometric is growing slowly in certain corporate and consumer applications, but researchers at the University of Houston (UH) are trying to make the technology far more ubiquitous and secure: they want it to replace the dozens of personal identification numbers (PIN), passwords and credit card numbers everyone uses every day. University researchers developed the URxD face recognition software that uses a three-dimensional snapshot of a person's face to create a unique biometric identifier."

Bad idea

[Ckwop (707653)]

This is stupid for a couple of reasons. The first is that biometrics suck and are usually almost trivial to subvert. See the $10 fake finger [deeperwants.com], for an example. What do you do if somebody hacks your credentials as well? Have facial re-constructive surgery? But even if you had very good biometrics that were hard to fake, it still less secure than having separate credentials to access everything.

Why is this? Well for the sake of argument, let's suppose it costs £50 to create a duplicate of my chip and pin card that will work in any cash point. I have four such cards in my wallet so the cost of duplicating them all is £200. In order for the biometric to replace my cards completely and be equally secure, it has to cost more than £200 to fake.

The problem is that the unified security mechanism rarely costs more to subvert then all the IDs it replaced. This doesn't just apply to bank-cards it also applies to national ID cards and any centralisation of security.

The fundamental principle here is that centralising security often reduces security. This is something to keep in mind when you're consolidating servers [slashdot.org].

Simon

Re:

[froggero1 (848930)]

You know what else is a bad idea?

Entering in your PIN number into an ATM machine and getting a NSF funds error message.

Re:Bad idea

[andy666 (666062)]

I was walking over to an ATM machine the other day, when I realized that many other people have the same PIN number as me. I thought "they should have a personalized PIN number." Also, my bank still uses those old CRT tubes and they are hard to read, so they really need to upgrade the whole thing. Anyway I went into the bank to sit and talk to a representative about this, and I was reading a DC comic, and the light next to me was flickering. Damn that AC current! I took out my laptop, since I wanted to learn more about CSS style sheets. (Are they under the GPL license btw ?) After about 5 minutes of reading I had a headache - I felt like an ICBM missile had hit my head! Or maybe it was from my LCD display. What I need is a vacation I thought - so I went home and started to pack my SCUBA gear.

Re:

[AJWM (19027)]

Ah, you blew it right at the end. It's SCUBA apparatus. The other gear is stuff like mask, fins, etc.

Be thankful I couldn't locate you with my RADAR ranging device, you might have been zapped with LASER radiation.

Otherwise, well done.

Easy to reproduce and..

[QuantumG (50515)]

The reason why it is a bad idea to use your face as a password is that everyone can see your freakin' face. Why not just write your password in black marker on your forehead?

That's secure right?

Re:

[mwvdlee (775178)]

In short it's the old adage that you should never use the same password twice.

No. No. and No.

[mpapet (761907)]

The first is that biometrics suck and are usually almost trivial to subvert.
Okay sure, spend $50 on some sensor or $150 on sensor+lock and it will accept a fake finger. But that's not your average biometric installation.

What do you do if somebody hacks your credentials as well?
If the bad guy wants in, he won't try to reproduce your *face* to get in. This is just absurd.

The problem is that the unified security mechanism rarely costs more to subvert then all the IDs it replaced.
Except biometric installation

Re:PIN *NUMBER* ???

[IainMH (176964)]

That is a little redundant, douchebag. Why do they have to post stories with a title that says "Personal Identification Number Number?" Die, tool.

We're used to it - 'Built on NT Technology' :-)

Re:

[Mr2cents (323101)]

Stop it! I swear, if I see one more of these redundant pleonasms on my LCD display, I'm going to explode!

Re:

[Cro Magnon (467622)]

Yeah, and I'm used to using my PIN Number at my ATM Machine.

N-Ten

[Afecks (899057)]

The T is for Ten, not Technology [wikipedia.org]

Re:

[Guy Harris (3803)]

Why do they have to post stories with a title that says "Personal Identification Number Number?"

What would you use at an ATM machine other than a PIN number?

Re:PIN *NUMBER* ???

[yotto (590067)]

The next person who makes an acronym joke, I'm going to fire a SAM-Missile like TCP/IP protocol attack on. I'm serious, you're going to need a DC Comics superhero or the skills of an FPS shooter main character to survive this one. First, your FAT table will go, then your NIC card, then all your OSS software, and for the final coupe de gras, I'll translate all your code to the COBOL language.

Yeah, you'll be FUBAR beyond all recognition.

informative or pedantic? YOU decide, summer 2007!

[Scrameustache (459504)]

and for the final coupe de gras

I was just about to mod you +1Funny (I'm sure others will take up the slack) when I noticed the way you spelled that...
It's "coup de grâce [wikipedia.org]" (with the little hat over the 'a' that I think the /. encoding is going to chew up), as in "mercy". What you wrote is "slice of fat" which just sounds like you'd add insult to injury by stabbing them in the blubber.

Re:

[ajs318 (655362)]

Scanning the veins in your hand; basically a 3-dimensional thermal map of the blood networks within.
Benefits of
1. Unique to every individual.
2. VERY difficult to duplicate.

The problem is that sometimes you don't actually want it to be truly unique per individual. The way things are today, if I'm not feeling well I can send my girlfriend to do some shopping, give her my bank card and tell her my PIN. The most she can rip me off for is £200 minus anything I may have already withdrawn that day, and

Interesting, but Ill decline

[Aranykai (1053846)]

Its an interesting concept. I will agree with that.

Essentially, it uses your face to access your information in a database, which could include bank, credit card, medical, or pretty much anything else desired.

However, all a person then needs to commit fraud is to capture these scans and feed it back to the software...

Ill keep my zero liability credit cards and my 4 and 6 digit pin numbers thank you.

Re:

[1u3hr (530656)]

And how would this be any different from capturing your pin-code

If you suspect that you can change your pin code. Or change them daily if you want to.

I'm sure a mask could be reverse engineered to any given "face code" that would fool a machine, if not a human.

Re:

[Eivind (15695)]

My daugthers are identical twins. About 1% of all births are twin-births. About 1/3rd of all twins are identical.

It's trivial for my daugthers to choose different PINs.

Please explain how they would go about getting machines using the 3D face-contours to acknowledge that they are not, infact, the same person.

There's 300 million people in the US, of these about 2 million people are identical twins. I'd say a technology which is, from the get go, even absent any weaknesses, unusable for close to 1% of the popu

Check for life!

[reality-bytes (119275)]

I hope this system includes some method to check whether the rest of the person apart from the face is present.

Some poor Malaysian fellow has already lost a finger [bbc.co.uk]. I'd hate to have my head stolen just to access my bank account.

Re:

[by Anonymous Coward]

Jeez! Seeing that, maybe it's time to rethink my biometric penile scanner I've been planning.

Re:

[ozmanjusri (601766)]

maybe it's time to rethink my biometric penile scanner I've been planning

Now that HAS to be a Micro-soft project...

Re:

[megaditto (982598)]

Gives a whole new meaning to your password isn't long enough, eh?

Re:

[S.O.B. (136083)]

How can you do a biometric scan of a prison?

Re:

[hotdiggity (987032)]

I'd hate to have my head stolen just to access my bank account.

Yep. Might just want to limit this system to in-store purchases. Then when a would-be thief walks into a Best Buy to get a plasma TV using my card and severed head, the clerk may get suspicious and ask for a second piece of ID.

Its not the number of passwords that is the issue

[cliffski (65094)]

But the fact that every single one of them has different stupid restrictions. I try to limit myself to two common passwords where possible. one is fairly short, one is quite long.
Recently I needed a new password for a site. I tried the short one. "your password must be at least X characters". fine, whatever, that's why I use my long one,"your password is too long", so a new, made-up one "your password must contain at least one number". WTF?
Can we not at least agree some standard on this? Like many people I end up having to write this new mangled password down, totally defeating its security.
I do not see, from a code POV, why it matters that the password is less than X characters. Between 5 and 10 characters? WHY? what is wrong with between 5 and 50 characters? or 5 and 100 characters?
Most people can remember a sentence pretty easily, especially a favourite catchphrase or movie quote, remembering "tuesdaypass442" is not so easy, and thus they get written down. I understand the need for minimum pass lengths, but capping the max so low, and so close to the min, is just madness. Give us flexibility in passwords, not some dubious new expensive tech to do the same job.

Re:Its not the number of passwords that is the iss

[Yvanhoe (564877)]

Plus, having the same password on several website is an issue. I do this also but I keep wondering what will happen the day that one of the maintainers of the forum where I registered decides to impersonate me on other forums or even -gasp- on slashdot. Hopefully, my email password is unique and I can recover some stuff from there...

Re:Its not the number of passwords that is the iss

[cerberusss (660701)]

Like many people I end up having to write this new mangled password down, totally defeating its security.

I don't see why writing down defeats a password its security. As long as you guard that piece of paper, it's totally safe.

Re:

[cliffski (65094)]

I disagree, I think "welcome to the real world" is easier to remember than "mypasswrd1". sentences evoke memories, visual and auditory, which random lumps of characters or artificially squashed single words do not.

Re:Its not the number of passwords that is the iss

[Havenwar (867124)]

wttrw
w2trw
w2trwrld
yes, you are right, welcome to the real world is easy to remember. and now it will evoke the memory of w2trwrld, which is between 5-10 letters and contain one digit, and thus will be accepted as strong on 90% of the passworded applications out there.

Re:

[cliffski (65094)]

you just proved my point. which of those 3 is your password again?

Re:

[Havenwar (867124)]

I would have used the last one, I listed the three to show how I would work it out. five letters is too short for a password in my world, but then I am somewhat paranoid. As you said a sentence invokes memories and feelings, if you work one into a password then the sentence will invoke the memory of your workprocess - as I showed. Or at least it will if you put any amount of concious effort into choosing a password.

Re:

[cliffski (65094)]

absolutely, anything that involves money has its own secure unique one. I just mean for web forums and subscriptions for stuff.

Like to Forget

[pembo13 (770295)]

I kinda like the ability to forget or lose my PIN number. I can't exactly lose my face.

Sounds pretty fucked up for twins...

[forgoil (104808)]

Or people looking really alike, I mean, how precise is this thing? What about make up? Trip to the beach? Getting your hair done? Shaving accident?

They are trying to solve a problem (I hate pin codes) by making it to a worse problem. Way to go...

Re:Sounds pretty fucked up for twins...

[3vi1 (544505)]

Twins won't be a problem: the software can tell them apart because the evil one has a goatee and the good one doesn't.

Yes, even the female ones.

Sounds great! Until...

[RootsLINUX (854452)]

Someone takes a picture of your face using their cell phone, or takes an existing picture off of myspace, etc. I think it would be pretty damn hard for a camera to do facial recognition unless it truly is a 3D camera -- otherwise you can just stick a picture of the owner's face in front of the lens and you're in business.

Obviously CmdrTaco and Alan Cox wouldn't like it

[jsse (254124)]

Because it requires them to shave.

"Please stuck your head in the scanner for face recognition."

*grumble*

"Your face was not recognized, please rub your face with the towel provided and try agiain."

*damn*

"We failed to recognized your face after several trials. We'll now shave your face for a better recognition result. To avoid you moving your head while shaving is in progress, we'll lock your head firmly now."

*shaver pop out*

"NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"

MI

[bazorg (911295)]

these guys didn't watch "Mission: impossible" [imdb.com]?

Re:

[Remusti (1131423)]

Or Face/Off, evidently.

So...

[QMalcolm (1094433)]

Instead of using something that's secret and can be changed, they want to start using something that everyone can see, and is not changeable.

Update biometrics.

[iknownuttin (1099999)]

Instead of using something that's secret and can be changed, they want to start using something that everyone can see, and is not changeable.

I guess you'd have to have your biometrics updated every few years as you age. More often if you smoke, drink heavily, sun bath, etc... those things age you faster.

It's Bogus

[ajs318 (655362)]

It's bogus. I can say this with certainty.

How do I know? Because the exact same maths apply to a different domain, and we'd already have seen developments there if this was true.

Decompilation uses exactly the same abstract mathematical concepts as shape recognition (of which facial recognition clearly is a subset). Just replace "vertices" with assembly-language instructions and the "shapes" to which they may belong with program structures (for / while loops, subroutines &c).

If there was anything in this facial recognition malarkey, somebody would have created a working decompiler by now. That's just a simple application of the law of averages; there are many more hackers out there than there are biometrics researchers. And there's a huge application for a decompiler: the ability to decompile a program which originally was written in, say, Visual BASIC into C++ will mean that programmers can collaborate on a project without having to have a language in common (and, incidentally, it will also mean that Freedoms One and Three can be taken by force like Freedoms Zero and Two). So far, nobody has created such a thing.

It's snake oil, pure and simple.

Plus, I kind of like the extra security layer that I get by having different PINs for all my cards and different paswords for all my online accounts. If someone discovers, say, my Halifax PIN, they'll have to steal my Halifax card. But if they catch me on a day when I'm not carrying that one and steal my Lloyds TSB card or my Abbey National card instead, the Halifax PIN is useless to them (and while I'm sorting out blocking the stolen card, I can change the compromised PIN). Likewise, if someone discovers my Yahoo! Messenger password, they can't impersonate me on Slashdot.

ummmm...

[Mr Abstracto (226219)]

...what about twins?

Stupid for several reasons

[PontifexPrimus (576159)]

Here are, just off the top of my head, a couple of reasons why I think that's a really stupid idea:

• You have to consciously enter a PIN to give it away - unless you're fooled by a complete rebuild of an ATM, you're not likely to enter this particular number anywhere else; but you show your face to everyone in the street, making it trivial to get several photographs of it and even do a 3D reconstruction if desired.
• You can enter a number at a keypad even if severely impaired and under pretty unfriendly conditions (outside ATM in heavy rain, when you're wearing gloves and are a little under the effect of both a cold and cold medicine, say). It's a pretty fool-proof, accessible way of entering a small amount of data. Facial recognition, on the other hand, requires - unless there have been vast advances - very good lighting, a clear image of the face not obscured by sunglasses, intensive make-up or bruises, and no vast changes in hair style or beard growth.
• Image recognition is cost intensive, energy intensive and computationally expensive; a keypad of the highest level, secure and proof against vandalism will cost what? A couple of hundred bucks at most? To get facial recognition you need light sources that don't interfere with the cameras, the cameras themselves, complex software behind them and - also very important - you need large amounts of data on the facial features. Granted, it might be easy to compress them to a couple of hundred kb's if you're willing to sacrifice some accuracy, but compare that with the four or five byte you need to store a PIN!
• Problem of false negatives and false positives: when I enter a PIN I can usually get it right on the first try; I usually only run into problems when I confuse it with the PIN from another card. Entering it wrongly has happened maybe once or twice in my life, as far as I remember. Now, what are the chances that the facial recognition software will correctly identify me 99.99999% of the time? And how big is the risk that it might mistake another person for me?
• Another thing: right now I can hand my credit card to my brother, tell him to pick me up a little cash from an ATM and give him my PIN and card. Will there be provisions made for you to authorize other people, like your spouse? How many? For how long?

I think it's strange that so many people seem to think just because something is newer it is automatically better than the old technology / method / tool. Don't get me wrong, I love progress - but increasing the failure points of a known and working (if not perfect) system seems like a strange idea to me...

Re:Stupid for several reasons

[MichaelSmith (789609)]

I agree with all of that. One one thing I would like to see with ATM's is an attempt to behave a bit like a human teller in the sense that if I steal a woman's credit card and front up at the counter then they know they I (being male) must not be the owner of the card.

Some simple image matching process would be a good idea IMHO. It doesn't have to be fantastic and definitely not a replacement for a PIN.

3D map of the face ? What about acne ?

[subStance (618153)]

Surely the degree of accuracy to which you would have to measure the face to make it unique would imply that a good case of acne would be enough to deny access to your accounts.

Or better still, a broken nose ? Imagine having to go explain to the bank that you needed to change your pin because you were drunk and got into a fight at a pub ? There goes your chance at getting a homeloan ...

Face recognition with a photo!

[VincenzoRomano (881055)]

And what happens if I put a photo or an hologram in front of that camera?

Re:

[maroberts (15852)]

Even better, as it claims to the three-D, build a papier-mache head

Should be interesting

[Capt James McCarthy (860294)]

To see how the hell they are going to have a person walk up to an ATM, and wait for the system to search through potentially billions (or trillions) of biometrics datapoints while it looks for an exact match. Then the system will have to re-run the search so it is sure it has the proper account. This all because some school wants to rid the world of a key (credit/atm card and pin).

Now if you enhance the credit/atm card with a biometric to ensure that the owner of the card is the one using it, that would be

useful for fraud scoring, but not an auth factor

[rapiddescent (572442)]

I doubt this will be a single authentication factor in any banking/payment environment because the university researchers from the article just don't understand how complex payment systems are and how much interoperability between card schemes does not exist.

Where it will be used is in fraud scoring. The Alliance and leicester trialled small webcam like devices on ATMs but for some reason took them out of service. Recognition is useful, but it will not be used to block transactions, it will mostly likely be used to raise a score on a fraud profile for a transaction.

This type of fraud profiling is becoming more important because the UK will be moving to Faster payments [apacs.org.uk] at the end of 2007 - where once banks had 3 days to run scanning products [visionmagazine.net] (for terrorist account activity and fraud) - they will only have a few minutes. The problem at the moment in the UK is that customers do a lot of electronic payments compared to USA - so many transactions will not have time for all the fraud checks.

so if someone who looks nothing like my description makes a transaction, then the score will increase on the account which can then implement further fraud checks in resulting transactions.

when I designed and built a fraud detection system for a UK mobile operator, we found that when a handset/number had fraud committed on it - it usually was usually picked up by lots of the fraud scanners and would stick out like a sore thumb. Each customer would have an associated fraud score and when it reached a certain point, the fraud team would get involved.