
Facebook rejects biometrics to embrace QR codes

 

Facebook engineer Gregg Stefancik has stated that he would like his company to eventually move away from using passwords, but vehemently opposes the use of biometrics.

At a recent media appearance in Australia, Facebook’s top security architect said that he would ultimately prefer the use of hardware tokens to log users into Facebook. In the interim, the popular social network is encouraging its one billion users to opt for two-factor authentication to sign in.

Stefancik told ComputerWorld: “If we were in a world where every user had reliable two-factor authentication, then we could maybe get to a point where we are not worrying about passwords. My vision for security in Facebook over the next few years is that I’d like us to move away from the dependency on passwords altogether.”

He does not, however, view biometrics as the appropriate authentication alternative. In fact, Stefancik revealed to The Australian that he emphatically “hates” biometrics: “The reason I hate it is because I can’t change them. One of the things you look for in credentials is that they’re revocable.”

Stefancik told the Australian press that he believes there is a tremendous amount of research that demonstrates biometrics can be easily “spoofed” or faked. He states that examples abound on the Internet on how to make false fingerprints or forge iris images. As a consequence, Stefancik is leading Facebook’s efforts to develop both hardware tokens and software-based authentication for the social network. Solutions being examined include software code generation, including quick response (QR) codes.

Code generation is an additional security feature that requests users to enter a unique security code each time they log into their Facebook account from a new PC or device. QR codes are visual manifestations of such authentication codes. Stefancik’s current two-factor authentication solution is therefore a fancy name for a “two-step” solution. And while QR codes can continually be regenerated, they can also be easily replicated, with only the aid of a scanner or a photocopier. QR codes are also reminiscent of bulky old-tech, which is generated on outdated desktop devices.
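The code-generation step described above, as an added example (not Facebook's code and not part of the original article). It assumes RFC 6238 TOTP as a representative code generator and the otpauth:// key-URI convention as the QR payload; `Server`, `enrollment_uri`, `secret_from_uri` and the account name are hypothetical. It shows that a copied enrollment QR clones the second factor, and that re-enrolling revokes it.

```python
import base64, hashlib, hmac, secrets, struct
from urllib.parse import parse_qs, quote, urlsplit

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def enrollment_uri(account: str, secret: bytes) -> str:
    """Text a provisioning QR code would carry (assumed otpauth key-URI form)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return f"otpauth://totp/{quote(account)}?secret={b32}&digits=6&period=30"

def secret_from_uri(uri: str) -> bytes:
    """What any scanner, or anyone holding a photocopy of the QR, recovers."""
    b32 = parse_qs(urlsplit(uri).query)["secret"][0]
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))

class Server:
    """Hypothetical verifier holding one shared secret per account."""
    def __init__(self):
        self.secret, self.last_step = {}, {}

    def enroll(self, account: str) -> str:
        """Issue a fresh secret; calling this again revokes the previous one."""
        self.secret[account] = secrets.token_bytes(20)
        self.last_step.pop(account, None)
        return enrollment_uri(account, self.secret[account])

    def verify(self, account: str, code: str, now: float, step: int = 30) -> bool:
        current = int(now) // step
        for s in (current - 1, current, current + 1):   # tolerate clock drift
            if hmac.compare_digest(totp(self.secret[account], s * step), code):
                if s <= self.last_step.get(account, -1):
                    return False                        # already used: replay
                self.last_step[account] = s
                return True
        return False

def demo(now: float = 1_700_000_000) -> dict:
    user = "alice@example.com"                          # constructed account
    srv = Server()
    copied = secret_from_uri(srv.enroll(user))          # a photocopied QR
    out = {"copy_accepted": srv.verify(user, totp(copied, now), now)}
    out["replay_rejected"] = not srv.verify(user, totp(copied, now), now)
    srv.enroll(user)                                    # rotate = revoke
    out["old_copy_rejected"] = not srv.verify(user, totp(copied, now + 60), now + 60)
    return out
```

The copied secret is accepted until the server re-enrolls the account, after which every copy of the old QR stops working.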

Biometrics, of course, make it possible to depend on a one-step solution that is absolutely unique to an individual, and which is more convenient when using a mobile device. Biometrics are defined as measurable physical and behavioral characteristics that enable the establishment and verification of an individual’s identity. And biometric patterns not only include iris scans and fingerprints, but also more difficult modalities to “spoof” including facial recognition or even voice recognition.

Biometrics can also be leveraged within a two-factor authentication solution, ensuring that alphanumeric passwords or generated codes enter the authentication mix. A combination of voice recognition based on a phrase, along with a generated code, is an extremely strong authentication solution. Phrase-based voice recognition, of course, could be revoked and re-issued at any time, utilizing another unique phrase. And other biometric modalities conceivably can be tweaked by way of nuanced adjustments to algorithm, code or even visual representation in order to make them constantly unique and revocable. As an example, facial recognition on a mobile device might be made more complex by providing a unique expression during the image capture authentication sequence. Providing an image of a blinking eye or frowning face could conceivably be used rather than just posing for a generic headshot image in order to affirm identity. Because facial expressions can exhibit myriad variations, such a biometric modality is flexible enough to provide a range of revocable authentication options. This reality should be considered before biometrics are dismissed out-of-hand as viable identification options.

The other reality that should be considered is that venerable tech firms have gone on record to call biometrics the authentication method of the future. Previously, BiometricUpdate.com reported that IBM predicts that biometrics will eventually be integrated with a wider number of commonplace technologies available in today’s consumer electronics to enhance security.

David Nahamoo, IBM’s chief technology officer, has previously stated that he expects biometrics would replace passwords by 2015. He said: “We can take advantage of the advanced technology being used in the smart devices, such as microphones, touch screens and high definition cameras to fully employ biometric security options. While there is already some adoption of facial and voice recognition, combining these and other biometric data points in the near future can eliminate the hassle of memorizing, storing and securing account IDs and passwords and at the same time give users a greater security confidence.”

Most other tech firms agree with this sentiment, and we can only expect more, not less, adoption of biometrics as a mainstream authentication solution.
