Less Than 1% of Hackers Can Bypass Facelock Security App

People use and reuse old passwords time and again, and then they get two-factor authentication to augment their fifteen-character passwords. Wouldn’t it be great if your computer could recognize you just by how well you recognize others?

Security using facial-recognition technology isn’t a new thing - in 2000, the Passface system used a similar concept, where it replaced passwords with a series of pictures based on your friends and family. This was somewhat effective, but those who could figure out the pattern were able to get into the system fairly easily.

Facelock is a new concept of facial-recognition technology. Instead of concentrating on technology that lets you define pictures in a specific pattern, it concentrates on whether or not you can identify familiar faces. In other words, the faces you know can help you keep your system safe from intruders, rather than just being another code for a hacker to crack. Unless a hacker can tap into your memory, they probably can’t crack your Facelock password.

How Does It Work?
Facelock presents the user with various face arrays. It is the user’s job to identify the familiar face amongst the unfamiliar ones. These arrays can be shown in different orders with faces scattered in different positions. What makes this any different than Passface is the human mind’s ability to detect familiar faces, regardless of appearance, in different images. Even if a hacker is able to identify which picture you guessed, they are unlikely to identify the image in a different picture.

What a Face-full!
This technology backs up its bark with its bite. A study was done on over 400 participants, which included account holders, stranger attackers, and familiar attackers. These tests were conducted over the course of one-week and one-year increments. Account holders were asked to choose the faces of several lesser-known celebrities in a narrow field; this mitigates the chance that threats will be able to access the system.

Results showed that after just one week of using this technology, 97.5 percent of users could authenticate their accounts, while stranger hackers succeeded less than one percent of the time. This number jumped to 6.6 percent for attackers that knew the victims personally. And, after a full year of working with the software, 86 percent of all users were able to authenticate. The test also examined whether attackers could authenticate with different photos of the same people. Unless the photos were of distinctive people with very prominent features, such as a bald head or round glasses, hackers were unable to identify pictures of the same people.

Keep in mind, as great as this technology is, it isn’t really a good fit for business devices that may need support and troubleshooting. If your help desk technicians aren’t in your circle of friends, they won’t be able to log into your device to help you solve your problem.

It’s a fairly simple concept - passwords don’t work for humans, and the existence of a “Forgot password?” prompt reinforces this. But, does facial recognition take this a bit too far? Is two-factor authentication enough for you? Let us know in the comments.