Using Face Recognition Instead of a PIN Number 254
coondoggie writes "Face recognition as a unique biometric is growing slowly in certain corporate and consumer applications, but researchers at the University of Houston (UH) are trying to make the technology far more ubiquitous and secure: they want it to replace the dozens of personal identification numbers (PIN), passwords and credit card numbers everyone uses every day.
University researchers developed the URxD face recognition software that uses a three-dimensional snapshot of a person's face to create a unique biometric identifier."
Check for life! (Score:5, Interesting)
Some poor Malaysian fellow has already lost a finger [bbc.co.uk]. I'd hate to have my head stolen just to access my bank account.
Its not the number of passwords that is the issue (Score:5, Interesting)
Recently I needed a new password for a site. I tried the short one. "your password must be at least X characters". fine, whatever, that's why I use my long one,"your password is too long", so a new, made-up one "your password must contain at least one number". WTF?
Can we not at least agree some standard on this? Like many people I end up having to write this new mangled password down, totally defeating its security.
I do not see, from a code POV, why it matters that the password is less than X characters. Between 5 and 10 characters? WHY? what is wrong with between 5 and 50 characters? or 5 and 100 characters?
Most people can remember a sentence pretty easily, especially a favourite catchphrase or movie quote, remembering "tuesdaypass442" is not so easy, and thus they get written down. I understand the need for minimum pass lengths, but capping the max so low, and so close to the min, is just madness. Give us flexibility in passwords, not some dubious new expensive tech to do the same job.
Sounds pretty fucked up for twins... (Score:4, Interesting)
They are trying to solve a problem (I hate pin codes) by making it to a worse problem. Way to go...
It's Bogus (Score:4, Interesting)
How do I know? Because the exact same maths apply to a different domain, and we'd already have seen developments there if this was true.
Decompilation uses exactly the same abstract mathematical concepts as shape recognition (of which facial recognition clearly is a subset). Just replace "vertices" with assembly-language instructions and the "shapes" to which they may belong with program structures (for / while loops, subroutines &c).
If there was anything in this facial recognition malarkey, somebody would have created a working decompiler by now. That's just a simple application of the law of averages; there are many more hackers out there than there are biometrics researchers. And there's a huge application for a decompiler: the ability to decompile a program which originally was written in, say, Visual BASIC into C++ will mean that programmers can collaborate on a project without having to have a language in common (and, incidentally, it will also mean that Freedoms One and Three can be taken by force like Freedoms Zero and Two). So far, nobody has created such a thing.
It's snake oil, pure and simple.
Plus, I kind of like the extra security layer that I get by having different PINs for all my cards and different paswords for all my online accounts. If someone discovers, say, my Halifax PIN, they'll have to steal my Halifax card. But if they catch me on a day when I'm not carrying that one and steal my Lloyds TSB card or my Abbey National card instead, the Halifax PIN is useless to them (and while I'm sorting out blocking the stolen card, I can change the compromised PIN). Likewise, if someone discovers my Yahoo! Messenger password, they can't impersonate me on Slashdot.
Re:Its not the number of passwords that is the iss (Score:4, Interesting)
w2trw
w2trwrld
yes, you are right, welcome to the real world is easy to remember. and now it will evoke the memory of w2trwrld, which is between 5-10 letters and contain one digit, and thus will be accepted as strong on 90% of the passworded applications out there.
ummmm... (Score:2, Interesting)
Re:Stupid for several reasons (Score:4, Interesting)
Some simple image matching process would be a good idea IMHO. It doesn't have to be fantastic and definitely not a replacement for a PIN.
Re:Interesting, but Ill decline (Score:3, Interesting)
If you suspect that you can change your pin code. Or change them daily if you want to.
I'm sure a mask could be reverse engineered to any given "face code" that would fool a machine, if not a human.
Re:Interesting, but Ill decline (Score:3, Interesting)
It's trivial for my daugthers to choose different PINs.
Please explain how they would go about getting machines using the 3D face-contours to acknowledge that they are not, infact, the same person.
There's 300 million people in the US, of these about 2 million people are identical twins. I'd say a technology which is, from the get go, even absent any weaknesses, unusable for close to 1% of the population is pretty useless.
Yeah, there's differences to them, and these will increase as they grow older, as a result of environmental and lifestyle influences, nevertheless they are currently close enough that I sincerely doubt any software could tell them apart without being *too* picky and introducing many false negatives.
Re:Bad idea (Score:3, Interesting)