‘Facelock’, developed by psychologist Dr Rob Jenkins, exploits our ability to recognise faces across a wide range of images, even when the image quality is poor.
To register with the system, users nominate a set of faces that are well known to them, but not well known to other people. Users log in by selecting the faces they recognise from a grid. Psychological research has shown that familiarity with a face is virtually impossible to lose while passwords can be forgotten in days.
Fraudsters can't fake it
Another advantage is that familiarity is hard to fake, making the system difficult for fraudsters to crack.
Dr Jenkins explained: “Pretending to know a face that you don’t know is like pretending to know a language that you don’t know – it doesn’t work. The only system that can reliably recognise faces is a human who is familiar with the faces concerned.”
Studies showed a 97.5 per cent success rate for the system – and even 12 months later, 86 per cent of those taking part in the study were still able to recall the faces successfully.
Fraud protection
“To protect against fraud, security codes need to be difficult to guess – but this also makes them hard to remember. We are often faced with a choice between forgetting a code, which can be frustrating and inconvenient, or writing it down, which compromises security,” said Dr Jenkins.
The researchers, who included Jane McLachlan and Karen Renaud of the School of Computing Science at the University of Glasgow, asked volunteers to name minor celebrities or sports stars to create their personal ‘lock’.
They then asked volunteer ‘attackers’ to watch a successful login based on four target faces. The studies demonstrated that attacks could be thwarted by using different photos of the same faces. For the user, who is familiar with the target faces, it is easy to recognise the faces across a range of images. For the attacker, who is unfamiliar with the target faces, selecting the correct images is difficult.
Dr Jenkins said: “We hope that software developers will now take this framework and turn it into a polished app, while other experts optimise the usability of the system. If those two things happen, you could see this system on your device in the next product cycle.”
The text of this article is licensed under a Creative Commons Licence. You're free to republish it, as long as you link back to this page and credit us.