Do you turn your nose up at having to remember yet another password? Well, maybe in future that’s all you’ll have to do to unlock your Android phone or tablet! It has been announced that in June last year, Google filed a patent suggesting that users pull a specific face instead of using a password.
The request of specific gestures is thought to stop the Face Unlock facility from being fooled by photographs. The Jelly Bean version of Android required that the user blink their eyes as a check but a group of security researchers from the University of British Columbia posted a video on-line showing that the system could still be fooled.
The patent filed by Google suggested that the software would track a “facial landmark”, making sure the user not only looks like the owner but also carries out a specific requested action, possibly requesting a combination of gestures issued at random.
This would work by comparing two images taken from a captured video stream of the face and checking to see if the difference between them showed that the gesture had been done.
To ensure that an image with a fake gesture wasn’t used, the patent also suggested that other frames would be studied, showing the sequence to producing a gesture. The software could also monitor the angle of the face.
Google acknowledges that this still could not be enough and suggest the device could “emit light beams having different colours or frequencies, that are expected to induce in the eyes of a user a reflection of light having a corresponding frequency content”.
In other words the screen would flash and shine different coloured lights onto the users face and check for relating glints as the requested gestures were made.
Many security experts remain sceptical though. Prof Alan Woodward of Chateris said “The problem with biometrics in the past has been that you have always been able to find a way to work round the requests to deliver what’s needed.” He continued “It sounds like Google is thinking about how try and counter this with randomness and movement. But there’s a long way between writing a patent about an idea and delivering it as a reliable security measure. I would expect people will still use traditional passwords for some time to come.”
So with people becoming ever more aware and concerned about security, is facial recognition the best solution or are we just leaving ourselves more open to attack?
[Image via huffingtonpost]