Study: Facelock authentication system offers alternative to memorizing passwords
Researchers at the Universities of York and Glasgow have been testing a viable alternative to remembering passwords that will allow users to view a grid of faces and choose one familiar face to securely access a website.
In a paper published by open-access journal PeerJ, researchers Rob Jenkins, Jane L. McLachlan and Karen Renaud explain how their knowledge-based authentication method will make it easier for IT managers and users to log into their accounts, all without compromising security.
Dubbed “Facelock”, the new method is based on years of psychological research that proves there is a stark difference in the recognition of familiar and unfamiliar faces.
According to the research, humans can single out a familiar face when given a large selection of images, even when the image itself is of low quality. On the flip side, recognition of unfamiliar faces is associated with a specific image, to the point where different photos of the same unfamiliar face are perceived to be different people.
Using this same principle, Facelock creates a personalized “lock” for each account holder based on his or her ability to pick out a familiar face from a set of photographs, which are known only to that individual. As a result, only the person who demonstrates recognition of the faces across the set of images will be given access into the system.
To register for the system, users were given the freedom to choose a set of faces that are known to them, but are not known to other individuals. Users chose a combination of faces based on their domain of familiarity, such as a favourite singer, athlete or actor, and the researchers were able to generate a set of faces that were known to that user only.
The lock is comprised of a series of face grids, with each grid constructed as such that only a single face is familiar to the user and all the remaining faces were unfamiliar.
Ultimately, the authentication system has several advantages over memorizing password or PIN codes, including users not having to memorize anything, and the system being extremely difficult for hackers to breach.
You can read the study here.