Good Thinking

More secure two-factor ID system requires users to make faces

More secure two-factor ID syst...
The C2FIV system identifies users based on both their facial features and a predefined facial movement
The C2FIV system identifies users based on both their facial features and a predefined facial movement
View 2 Images
The C2FIV system identifies users based on both their facial features and a predefined facial movement
1/2
The C2FIV system identifies users based on both their facial features and a predefined facial movement
Along with general facial movements, C2FIV also works with the movements a user's lips make as they speak a secret phrase
2/2
Along with general facial movements, C2FIV also works with the movements a user's lips make as they speak a secret phrase

Although facial ID verification tech may seem pretty impressive, it can be thwarted. An experimental new system is claimed to be more foolproof, by requiring users to make specific facial movements.

According to Utah's Brigham Young University (BYU), existing facial ID technology – such as that utilized on some smartphones – can be circumvented by holding the phone up to the registered user's face as they sleep, or by showing the phone a photograph of their face.

BYU electrical and computer engineering professor D.J. Lee wanted to make things harder for wrongdoers, so he created what is known as the Concurrent Two-Factor Identity Verification (C2FIV) system. Users start by recording a one- to two-second close-up video of themselves making a certain facial movement.

When they subsequently want to use their smartphone, they're required to repeat that movement into the phone's camera. The C2FIV software will compare both the geometry of their facial features and the sequential facial motions to those which it already has on file. If they match, then access is granted.

Along with general facial movements, C2FIV also works with the movements a user's lips make as they speak a secret phrase
Along with general facial movements, C2FIV also works with the movements a user's lips make as they speak a secret phrase

Lee and PhD student Zheng Sun trained the neural network that was used to create the system, using 8,000 video clips recorded by 50 test subjects. The volunteers utilized facial movements such as raising their eyebrows, dropping their jaw, smiling or blinking. When put to the test, the system proved to be over 90 percent accurate at identifying users based on those recordings – Lee believes that figure should rise as the technology is developed further.

He adds that tiny camera-equipped C2FIV modules could ultimately be incorporated into devices other than phones, such as ATMs, safe deposit boxes, hotel room door locks or even automobiles.

Source: Brigham Young University

1 comment
1 comment
DaveWesely
So if someone creates an app to record you making these faces, or somehow records you during this login process, then exposes the login camera to that video, the security has been bypassed. I like this idea though. Perhaps an improvement would be for the user to set up different "faces", then the system asks for a random group of "faces" to be made by the user. It would be difficult to create a hack video without spliced spots appearing.