New Technology Combines Lip Motion and Passwords For User Authentication (bleepingcomputer.com) 54
An anonymous reader writes: "Scientists from the Hong Kong Baptist University (HKBU) have developed a new user authentication system that relies on reading lip motions while the user speaks a password out loud," reports BleepingComputer. Called "lip password" the system combines the best parts of classic password-based systems with the good parts of biometrics. The system relies on the uniqueness of someone's lips, such as shape, texture, and lip motions, but also allows someone to change the lip motion (password), in case the system ever gets compromised. Other biometric solutions, such as fingerprints, iris scans, and facial features, become eternally useless once compromised.
Forgetting passwords on the workplace (Score:1)
Hey Mike, what's my password again?
I has been flyingpig69 for the last two months boss.
Thanks, I'm really liking this secure authentication system you've installed.
Why not just demand passphrases instead? (Score:3, Insightful)
And passphrases of at least 15 characters, with no ridiculous rules such as 'Must use a capital letter, a number, a non-alphanumeric character' etc.
The general public must be so incredibly stupid that they can't even create decent passwords.
Re: (Score:1)
or if someone gets punched in the mouth. or if someone is drunk. or if someone is having a stroke.
Re: (Score:2)
Allowing a repeatedly out-loud-spoken password to be typed kind of defies the point of the whole system, doesn't it?
Re: (Score:3)
So what. Their lips don't have the same shape and their lip motion is different. That's the point.
No, not quite. The point is don't try and sell this as a "combined" security model when one half of the system is essentially compromised, simply by using it as intended.
Unfortunately, the other half of this system will ensure the entire thing is marketed as the best "multi" factor authentication solution in the entire universe.
Re: (Score:1)
Not even that. The lips movement is extremely easy to capture with a video camera accurately. And once you have a video capture of the lips it will be somewhere between trivial and hard to make a fake 2D or 3D model that will repeat the password.
So instead of having to video someone's keyboard as they type their password you only need to film someone's face.
Technically (Score:2)
The point is don't try and sell this as a "combined" security model when one half of the system is essentially compromised, simply by using it as intended.
Unfortunately, the other half of this system will ensure the entire thing is marketed as the best "multi" factor authentication solution in the entire universe.
From a pureley technical point of view, it *is* a multifactor :
- something you have/are : Your lips (or more precisely : their peculiar shape and your personal way to move them when making some sounds).
- something you know : A certain order in which you present the above lips motions (though it's linked to the sound you're making, and if somebody can over-hear you, they have a decent starting point at guessing what motions you where doing with your mouth).
Currently, it's not being marketed *for being multi
Re: (Score:3)
Yes, but if that is the point, why not let the user speak the username instead of the password? After all if you say it out loud, it can be intercepted much more easily (not all people are proficient with reading people typing keystrokes, although you should consider this too, and probably cover yourself when you type in your password), so there is no sense in keeping the spoken phrase secret.
Re: (Score:3)
Re: (Score:2)
Read my lips: p-a-s-s-w-o-r-d
Re: (Score:2)
Damn "cold sore". Now I can't get into my account. Musta mouthed too many passwords.
So that means (Score:4, Funny)
I have to take the bandaid off the camera on my laptop to protect my cat pictures.
No thanks
Re: (Score:2)
Remember, don't leave large blueprints containing intellectual property taped to the wall behind you when you log in to your terminal or all your bases will belong China.
Re: (Score:2)
What about imparements and videos? (Score:3)
What happens if someone suffers, say, stroke and part of the face is paralysed. Or they have Botox?
I suppose there has to be a backup to allow someone to reset their password in such cases, or in cases where they forget it. This backup may prove to be a weakness.
What happens if I record a video of my boss uttering his password, and then show the video to the camera?
Re: (Score:2)
Re: (Score:2)
On the other hand, it's great protection against drunk emails.
Re: (Score:2)
PIN code (Score:2)
These kind of "biometrics unlock" (like also a fingerprint scan) are used as a quick way to unlock instead of having to input a strong password.
They're the equivalent of a PIN code, not the equivalent of a 16-characters long strong password.
So if you can't lip/mouth your biometric pass, you simply do as you would if your finger was unavailable (= harmed, and covered with a band-aid) for fingerprint scans:
you type instead the strong unlocking password to log-in.
Now the problem is that you probably use your P
2001 : A Space Odyssey (Score:2, Insightful)
Dr. Frank Poole: Okay. Well look Dave. Let's say we put the unit back and it doesn't fail uh? That would pretty well wrap it up as far as HAL was concerned wouldn't it?
Dave Bowman: Well, we'd be in very serious trouble.
Dr. Frank Poole: We would, wouldn't we. What the hell could we do?
Dave Bowman: Well we wouldn't have too many alternatives.
Dr. Frank Poole: I don't think we'd have any alternatives. There isn't a single aspect of ship operations that isn't under his control. If he were proven to be malfunctio
Biometrics (Score:1)
Biometrics should be used for IDENTIFICATION, not AUTHENTICATION.
There is nothing wrong with a fingerprint or iris in lieu of a user name. I don't change that when the databases scattered all over creation get individually compromised.
It's a gesture (Score:2)
Re: (Score:2)
Re: (Score:2)
the advantage of speaking the word versus tapping on the keyboard is that it's harder for someone else to duplicate.
And the disadvantage is that anyone within earshot can hear what your password is.
This is why I absolutely loathe voice operated call directors. I'm in an office with other people and I have to tell everyone what I'm doing, instead of simply silently pushing a few buttons. Usually it winds up with me shouting "HUMAN BEING" or "GET ME A DUCKING PERSON" when the voice detection system doesn't have the option I need.
Of course, the fact that they are poorly programmed to start with, asking questions like "ar
The Irony of this Security. (Score:5, Interesting)
So, we've reached a point where a user actually has to say their shitty password out loud in order to obtain better security?
Let me put my boots on so I can wade through the irony.
Oh, and not to nitpick or anything, but this is hardly combining functionality to create better security when your password is known to anyone within earshot of you authenticating. One half of that system is basically compromised simply by using it as intended.
The password isn't the password. (Score:3)
The password here (i.e.: the word that is spoken) isn't what plays the role of password (it's not the actual word itself that unlocks the machine).
As mentionned, this technology doesn't use any voice recognition.
The thing which acts as a password (the thing which decides to unlock or not) is the particular way in which your mouths moves when composing the sound of the word.
The word only plays the role of a mnemonic : a thing that helps you remember the combination of elements - i.e.: the order of mouth move
I cannot do this. (Score:4, Funny)
Re: (Score:2)
The article says it doesn't actually rely on sound, so you could do it voicelessly. Although the various speech articulators in your mouth can operate differently if you do something voicelessly so it's probably not something you could switch between when using it privately.
Re: (Score:2)
Re: (Score:2)
Beards? (Score:3)
Alabama Redneck Identification System (Score:2)
At each door we have a spitoon. When you approach the door, you spit into the spittoon and say anything you want. The spit velocity and composition is analyzed and the drawl of the speech is measured. No "southern bio" match, no ID match.
Dave doesn't chew Skoal and is always dead center in the pan - IMPOSTER DETECTED. GIT 'EM BOYS!
Not "eternally useless" once compromised (Score:2)
Other biometric solutions, such as fingerprints, iris scans, and facial features, become eternally useless once compromised.
No. They do not. This is a rather common misconception. Granted, you can never change these things - which is an inherent weakness, but they do not become "eternally useless". I may have your fingerprint - but I can not fool every fingerprint reader on Earth. Better fingerprint readers are invented - each successive generation being harder to fool. Iris scans and facial recognition are much the same. You may be able to fool the scanners of today, but not necessarily the scanners of tomorrow. You may be able
Re: (Score:2)
So, my ability to not be compromised depends on someone else installing better security on their end?
Re: (Score:2)
Yes, exactly. And passwords are no different. Any credentials stored with a third party are at a risk level determined by the security measures in place there. Passwords are dependent on proper hashing and salting, and the current level of computational power available to crack them (among other things), and fingerprint records are only as secure as current technological sophistication will permit. We've always needed to have some level of trust in authentication providers, and I don't think biometric recor
It cannot work! (Score:2)
My password is "rrrrrrrrrrrr" (12 times 'r'). Now read my lips, and try to get the difference between "rrrrrrrrrrrr", "rrrrrrrrrrr" (11 times 'r') and "rrrrrrrrrrrrr" (13 times 'r')...
3 Factors (Score:2)
Password, Passkey, Biometrics
Something you know, something you have, something you are
aka ...
Something you forget, Something you lose, something you no longer are
finally (Score:2)
It's kinda like that ST:TNG episode... (Score:1)