A new era of secure passwords could be upon us with a facial password system that can unlock phones using facial expressions – with users required to stick tongues out or frown at the camera instead of typing a password.
Google has filed a patent for a secure password system which would require specific facial gestures to unlock Android devices – preventing the current Face Unlock utility being fooled by photos of the user.
The system would prompt users to perform actions such as a frown, sticking a tongue out, smiling with an open mouth or moving an eyebrow. It would then compare the position of a “facial landmark” in frames taken from a video stream to come up with a “liveness score”,
Google’s patent suggests that the system could be augmented with other technologies, such as a “3D rangefinder” and “technologies such as lasers to determine distances to remote objects, depth of remote objects.”
The patent also suggests that phones could “emit light beams having different colours or frequencies, that are expected to induce in the eyes of a user a reflection of light having a corresponding frequency content”.
ESET Senior Research Fellow David Harley says in a blog post, “The sad fact is, static passwords are a superficially cheap but conceptually unsatisfactory solution to a very difficult problem, especially if they aren’t protected by supplementary techniques. Biometrics and one-time passwords and tokens are much more secure, especially when implemented in hardware as a two-factor authentication measure.”
Author Rob Waugh, We Live Security