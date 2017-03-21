New Technology Combines Lip Motion and Passwords For User Authentication (bleepingcomputer.com) 17
An anonymous reader writes: "Scientists from the Hong Kong Baptist University (HKBU) have developed a new user authentication system that relies on reading lip motions while the user speaks a password out loud," reports BleepingComputer. Called "lip password" the system combines the best parts of classic password-based systems with the good parts of biometrics. The system relies on the uniqueness of someone's lips, such as shape, texture, and lip motions, but also allows someone to change the lip motion (password), in case the system ever gets compromised. Other biometric solutions, such as fingerprints, iris scans, and facial features, become eternally useless once compromised.
So what. Their lips don't have the same shape and their lip motion is different. That's the point.
No, not quite. The point is don't try and sell this as a "combined" security model when one half of the system is essentially compromised, simply by using it as intended.
Unfortunately, the other half of this system will ensure the entire thing is marketed as the best "multi" factor authentication solution in the entire universe.
I have to take the bandaid off the camera on my laptop to protect my cat pictures.
No thanks
What happens if someone suffers, say, stroke and part of the face is paralysed. Or they have Botox?
I suppose there has to be a backup to allow someone to reset their password in such cases, or in cases where they forget it. This backup may prove to be a weakness.
What happens if I record a video of my boss uttering his password, and then show the video to the camera?
Biometrics should be used for IDENTIFICATION, not AUTHENTICATION.
There is nothing wrong with a fingerprint or iris in lieu of a user name. I don't change that when the databases scattered all over creation get individually compromised.
So, we've reached a point where a user actually has to say their shitty password out loud in order to obtain better security?
Let me put my boots on so I can wade through the irony.
Oh, and not to nitpick or anything, but this is hardly combining functionality to create better security when your password is known to anyone within earshot of you authenticating. One half of that system is basically compromised simply by using it as intended.