sciencetech-blog

comments

The frustration of forgetting numerous passwords to log onto internet banks, shopping sites, emails, social and other websites could soon be a thing of the past.

A new security system, based on familiar faces known only to each individual user, promises to finally beat the web hackers.

Called Facelock, it works by asking users to identify familiar faces across a range of photographs in order to gain access to web accounts.

The Facelock system asks users to identify familiar faces, including friends and celebrities, across a range of photos, known as a Challenge Grid (pictured). By showing faces only the user recognises, the research team claim it's harder for hackers to gain access to web accounts

Previous psychological research has shown people can recognise a familiar face even if images are poor, but struggle to recognise an unfamiliar face from different images.

As a result, a set of faces that are known only to a single user can be used to create a personalised 'lock,' researchers from the University of York revealed.

Users pick portraits of people familiar to them, which can include idols such as sports personalities, musicians or even poker players.

By combining faces from across a user's domains of familiarity, the researchers were able to create a set of faces that were known only to that user.

This scatterplot shows the relationship between personal attackers' acquaintance ratings, and the number of correctly guessed targets in their first attacks. The area of each datapoint is sized to correspond to the number of cases contributing to it

Previous research found matching identical images (a) is trivial, matching different images of unfamiliar faces is hard (b), but matching different images of familiar faces is easy (c)

To know all of those faces is then the key to Facelock, the study published in the open-access journal PeerJ said.

The 'lock' consists of a series of face grids, and each grid is constructed so that one face is familiar to the user, whilst all other faces are unfamiliar.

Authentication is a matter of simply touching the familiar face in each grid.

But for fraudsters, looking at the same grid will be left confused as none of the faces stand out.

Researchers said the system is better than current methods as users don't have to consign complex passwords or PINs to memory, or put names to faces.

Past psychological research has shown that familiarity with a face is virtually impossible to lose, and in the current study users authenticated easily even after a one-year gap.

In contrast, disused passwords can be forgotten within days.

Plus, Facelock is said to be hard to crack.

Researchers asked volunteer attackers to watch a successful authentication sequence based on four target faces, so they could pick out the same four faces from similar test grids.

However, the attacks were thwarted simply by using different photos of the same faces in the test grids.

For the user, who is familiar with the target faces, it is easy to recognise the faces across a range of images.

For the attacker, who is unfamiliar with the target faces, generalising across images is difficult.

Dr Rob Jenkins, of York University, said that 'pretending to know a face that you don't know is like pretending to know a language that you don't know - it just doesn't work.

'The only system that can reliably recognise faces is a human who is familiar with the faces concerned.'