Using Face Recognition Instead of a PIN Number

coondoggie writes "Face recognition as a unique biometric is growing slowly in certain corporate and consumer applications, but researchers at the University of Houston (UH) are trying to make the technology far more ubiquitous and secure: they want it to replace the dozens of personal identification numbers (PIN), passwords and credit card numbers everyone uses every day. University researchers developed the URxD face recognition software that uses a three-dimensional snapshot of a person's face to create a unique biometric identifier."

Check for life!

[reality-bytes]

I hope this system includes some method to check whether the rest of the person apart from the face is present.

Some poor Malaysian fellow has already lost a finger [bbc.co.uk]. I'd hate to have my head stolen just to access my bank account.

Its not the number of passwords that is the issue

[cliffski]

But the fact that every single one of them has different stupid restrictions. I try to limit myself to two common passwords where possible. one is fairly short, one is quite long.
Recently I needed a new password for a site. I tried the short one. "your password must be at least X characters". fine, whatever, that's why I use my long one,"your password is too long", so a new, made-up one "your password must contain at least one number". WTF?
Can we not at least agree some standard on this? Like many people I end up having to write this new mangled password down, totally defeating its security.
I do not see, from a code POV, why it matters that the password is less than X characters. Between 5 and 10 characters? WHY? what is wrong with between 5 and 50 characters? or 5 and 100 characters?
Most people can remember a sentence pretty easily, especially a favourite catchphrase or movie quote, remembering "tuesdaypass442" is not so easy, and thus they get written down. I understand the need for minimum pass lengths, but capping the max so low, and so close to the min, is just madness. Give us flexibility in passwords, not some dubious new expensive tech to do the same job.

Sounds pretty fucked up for twins...

[forgoil]

Or people looking really alike, I mean, how precise is this thing? What about make up? Trip to the beach? Getting your hair done? Shaving accident?

They are trying to solve a problem (I hate pin codes) by making it to a worse problem. Way to go...

It's Bogus

[ajs318]

It's bogus. I can say this with certainty.

How do I know? Because the exact same maths apply to a different domain, and we'd already have seen developments there if this was true.

Decompilation uses exactly the same abstract mathematical concepts as shape recognition (of which facial recognition clearly is a subset). Just replace "vertices" with assembly-language instructions and the "shapes" to which they may belong with program structures (for / while loops, subroutines &c).

If there was anything in this facial recognition malarkey, somebody would have created a working decompiler by now. That's just a simple application of the law of averages; there are many more hackers out there than there are biometrics researchers. And there's a huge application for a decompiler: the ability to decompile a program which originally was written in, say, Visual BASIC into C++ will mean that programmers can collaborate on a project without having to have a language in common (and, incidentally, it will also mean that Freedoms One and Three can be taken by force like Freedoms Zero and Two). So far, nobody has created such a thing.

It's snake oil, pure and simple.

Plus, I kind of like the extra security layer that I get by having different PINs for all my cards and different paswords for all my online accounts. If someone discovers, say, my Halifax PIN, they'll have to steal my Halifax card. But if they catch me on a day when I'm not carrying that one and steal my Lloyds TSB card or my Abbey National card instead, the Halifax PIN is useless to them (and while I'm sorting out blocking the stolen card, I can change the compromised PIN). Likewise, if someone discovers my Yahoo! Messenger password, they can't impersonate me on Slashdot.

Re:Its not the number of passwords that is the iss

[Havenwar]

wttrw
w2trw
w2trwrld
yes, you are right, welcome to the real world is easy to remember. and now it will evoke the memory of w2trwrld, which is between 5-10 letters and contain one digit, and thus will be accepted as strong on 90% of the passworded applications out there.

ummmm...

[Mr Abstracto]

...what about twins?

Re:Stupid for several reasons

[MichaelSmith]

I agree with all of that. One one thing I would like to see with ATM's is an attempt to behave a bit like a human teller in the sense that if I steal a woman's credit card and front up at the counter then they know they I (being male) must not be the owner of the card.

Some simple image matching process would be a good idea IMHO. It doesn't have to be fantastic and definitely not a replacement for a PIN.

Re:Interesting, but Ill decline

[1u3hr]

And how would this be any different from capturing your pin-code

If you suspect that you can change your pin code. Or change them daily if you want to.

I'm sure a mask could be reverse engineered to any given "face code" that would fool a machine, if not a human.

Re:Interesting, but Ill decline

[Eivind]

My daugthers are identical twins. About 1% of all births are twin-births. About 1/3rd of all twins are identical.

It's trivial for my daugthers to choose different PINs.

Please explain how they would go about getting machines using the 3D face-contours to acknowledge that they are not, infact, the same person.

There's 300 million people in the US, of these about 2 million people are identical twins. I'd say a technology which is, from the get go, even absent any weaknesses, unusable for close to 1% of the population is pretty useless.

Yeah, there's differences to them, and these will increase as they grow older, as a result of environmental and lifestyle influences, nevertheless they are currently close enough that I sincerely doubt any software could tell them apart without being *too* picky and introducing many false negatives.

Re:Bad idea

[ajs318]

Scanning the veins in your hand; basically a 3-dimensional thermal map of the blood networks within.
Benefits of
1. Unique to every individual.
2. VERY difficult to duplicate.

The problem is that sometimes you don't actually want it to be truly unique per individual. The way things are today, if I'm not feeling well I can send my girlfriend to do some shopping, give her my bank card and tell her my PIN. The most she can rip me off for is £200 minus anything I may have already withdrawn that day, and as soon as I'm fit again I can change the number. And vice versa; if she's not well, she can temporarily authorise me to withdraw some money from her account (or at least she could, if she ever had any money in it). You can't do that with a hand scan. The nearest thing would be somehow to authorise my girlfriend's hand for a limited time, amount or number of transactions; which requires the co-operation of the bank and rather more talking than just hoarsely croaking "Get me some Benylin, darling. 2579".

Even if someone does cut off your hand, they would have to pump 37C fluid through it, this is a dead give away in public...picture guy with severed hand, a water heater, and a portable pump.

This is entirely feasible in the UK. You can drive down the road in a car with the alarm blaring and the most anybody will do is tut and express the wish that you could be a bit quieter. Criminals commit crimes right under the gaze of the ubiquitous CCTV cameras, then leg it before the police show up. Passers-by do not notice at all. There are several reasons for this: Firstly, an Englishman keeps his nose out of other people's business, and if someone else is doing something unusual they probably have a very good reason which is obviously none of your business, otherwise they would have told you about it. Secondly, the police are on a points-make-prizes system. They want to arrest someone and don't care whether that person is a suspect or an innocent witness.