Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Privacy Software Hardware Technology

New Technology Combines Lip Motion and Passwords For User Authentication (bleepingcomputer.com) 54

An anonymous reader writes: "Scientists from the Hong Kong Baptist University (HKBU) have developed a new user authentication system that relies on reading lip motions while the user speaks a password out loud," reports BleepingComputer. Called "lip password" the system combines the best parts of classic password-based systems with the good parts of biometrics. The system relies on the uniqueness of someone's lips, such as shape, texture, and lip motions, but also allows someone to change the lip motion (password), in case the system ever gets compromised. Other biometric solutions, such as fingerprints, iris scans, and facial features, become eternally useless once compromised.
This discussion has been archived. No new comments can be posted.

New Technology Combines Lip Motion and Passwords For User Authentication

Comments Filter:
  • by Anonymous Coward

    Hey Mike, what's my password again?

    I has been flyingpig69 for the last two months boss.

    Thanks, I'm really liking this secure authentication system you've installed.

  • by Anonymous Coward on Tuesday March 21, 2017 @05:11AM (#54080323)

    And passphrases of at least 15 characters, with no ridiculous rules such as 'Must use a capital letter, a number, a non-alphanumeric character' etc.
    The general public must be so incredibly stupid that they can't even create decent passwords.

  • by thinkwaitfast ( 4150389 ) on Tuesday March 21, 2017 @05:31AM (#54080363)

    I have to take the bandaid off the camera on my laptop to protect my cat pictures.

    No thanks

    • You've hit it almost on the head. This isn't about better security, it's about worse. It's a Chinese plot to force us all to untape the cameras on our laptops hoping we'll forget to retape them after logging in, and then they can spy on us. And they'll get to see whatever the background is while we're logging in.

      Remember, don't leave large blueprints containing intellectual property taped to the wall behind you when you log in to your terminal or all your bases will belong China.

  • by Tomahawk ( 1343 ) on Tuesday March 21, 2017 @05:34AM (#54080367) Homepage

    What happens if someone suffers, say, stroke and part of the face is paralysed. Or they have Botox?
    I suppose there has to be a backup to allow someone to reset their password in such cases, or in cases where they forget it. This backup may prove to be a weakness.

    What happens if I record a video of my boss uttering his password, and then show the video to the camera?

    • Comment removed based on user account deletion
    • by mwvdlee ( 775178 )

      On the other hand, it's great protection against drunk emails.

    • Or goes to the dentist?
    • These kind of "biometrics unlock" (like also a fingerprint scan) are used as a quick way to unlock instead of having to input a strong password.
      They're the equivalent of a PIN code, not the equivalent of a 16-characters long strong password.

      So if you can't lip/mouth your biometric pass, you simply do as you would if your finger was unavailable (= harmed, and covered with a band-aid) for fingerprint scans:
      you type instead the strong unlocking password to log-in.

      Now the problem is that you probably use your P

  • by Anonymous Coward

    Dr. Frank Poole: Okay. Well look Dave. Let's say we put the unit back and it doesn't fail uh? That would pretty well wrap it up as far as HAL was concerned wouldn't it?

    Dave Bowman: Well, we'd be in very serious trouble.

    Dr. Frank Poole: We would, wouldn't we. What the hell could we do?

    Dave Bowman: Well we wouldn't have too many alternatives.

    Dr. Frank Poole: I don't think we'd have any alternatives. There isn't a single aspect of ship operations that isn't under his control. If he were proven to be malfunctio

  • by Anonymous Coward

    Biometrics should be used for IDENTIFICATION, not AUTHENTICATION.

    There is nothing wrong with a fingerprint or iris in lieu of a user name. I don't change that when the databases scattered all over creation get individually compromised.

    • When you type a password by moving your fingers you are making a gesture. Or you can speak a passphrase and make the gesture with your mouth. Either works for authentication; the advantage of speaking the word versus tapping on the keyboard is that it's harder for someone else to duplicate.
      • People don't always type using the same method. Sometimes a touch typist will have a cup in one hand and hunt-n-peck with the other. Gestures are crap. I give the whole concept the middle finger gesture.
      • the advantage of speaking the word versus tapping on the keyboard is that it's harder for someone else to duplicate.

        And the disadvantage is that anyone within earshot can hear what your password is.

        This is why I absolutely loathe voice operated call directors. I'm in an office with other people and I have to tell everyone what I'm doing, instead of simply silently pushing a few buttons. Usually it winds up with me shouting "HUMAN BEING" or "GET ME A DUCKING PERSON" when the voice detection system doesn't have the option I need.

        Of course, the fact that they are poorly programmed to start with, asking questions like "ar

  • by geekmux ( 1040042 ) on Tuesday March 21, 2017 @05:53AM (#54080421)

    So, we've reached a point where a user actually has to say their shitty password out loud in order to obtain better security?

    Let me put my boots on so I can wade through the irony.

    Oh, and not to nitpick or anything, but this is hardly combining functionality to create better security when your password is known to anyone within earshot of you authenticating. One half of that system is basically compromised simply by using it as intended.

    • The password here (i.e.: the word that is spoken) isn't what plays the role of password (it's not the actual word itself that unlocks the machine).
      As mentionned, this technology doesn't use any voice recognition.

      The thing which acts as a password (the thing which decides to unlock or not) is the particular way in which your mouths moves when composing the sound of the word.
      The word only plays the role of a mnemonic : a thing that helps you remember the combination of elements - i.e.: the order of mouth move

  • by LordHighExecutioner ( 4245243 ) on Tuesday March 21, 2017 @06:22AM (#54080485)
    My passwords are way too embarassing to be said loudly in presence of my coworkers.
    • The article says it doesn't actually rely on sound, so you could do it voicelessly. Although the various speech articulators in your mouth can operate differently if you do something voicelessly so it's probably not something you could switch between when using it privately.

    • Let me guess: Ih8myJ0b1
    • lol
  • by petes_PoV ( 912422 ) on Tuesday March 21, 2017 @07:11AM (#54080613)
    This seems to assume that the camera can see an individual's lips.
  • Here in Alabama, we already have a spectacular biometric system called RIN - the Redneck Identification System.

    At each door we have a spitoon. When you approach the door, you spit into the spittoon and say anything you want. The spit velocity and composition is analyzed and the drawl of the speech is measured. No "southern bio" match, no ID match.

    Dave doesn't chew Skoal and is always dead center in the pan - IMPOSTER DETECTED. GIT 'EM BOYS!
  • Other biometric solutions, such as fingerprints, iris scans, and facial features, become eternally useless once compromised.

    No. They do not. This is a rather common misconception. Granted, you can never change these things - which is an inherent weakness, but they do not become "eternally useless". I may have your fingerprint - but I can not fool every fingerprint reader on Earth. Better fingerprint readers are invented - each successive generation being harder to fool. Iris scans and facial recognition are much the same. You may be able to fool the scanners of today, but not necessarily the scanners of tomorrow. You may be able

    • So, my ability to not be compromised depends on someone else installing better security on their end?

      • by Striek ( 1811980 )

        Yes, exactly. And passwords are no different. Any credentials stored with a third party are at a risk level determined by the security measures in place there. Passwords are dependent on proper hashing and salting, and the current level of computational power available to crack them (among other things), and fingerprint records are only as secure as current technological sophistication will permit. We've always needed to have some level of trust in authentication providers, and I don't think biometric recor

  • My password is "rrrrrrrrrrrr" (12 times 'r'). Now read my lips, and try to get the difference between "rrrrrrrrrrrr", "rrrrrrrrrrr" (11 times 'r') and "rrrrrrrrrrrrr" (13 times 'r')...

  • Password, Passkey, Biometrics
    Something you know, something you have, something you are

    aka
    Something you forget, Something you lose, something you no longer are ...

  • my inability to read or type anything without moving my lips is a security bonus.
  • Computer, establish a security code for access... One - Seven - Three - Four - Six - Seven - Three - Two - One - Four - Seven - Six - Charlie - Three - Two - Seven - Eight - Nine - Seven - Seven - Seven - Six - Four - Three - Tango - Seven - Three - Two - Victor - Seven - Three - One - One - Seven - One - Eight - Eight - Eight - Seven - Three - Two - Four - Seven - Six - Seven - Eight - Nine - Seven - Six - Four - Three - Seven - Six - LOCK!

Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky

Working...