The next time you open a new bank account, you may not have to remember the complex sequence of letters, numerals, and special characters that most authentication schemes, such as a password or PIN, require. Instead, you may just have to remember a sequence of your favorite faces, be it your family, a friend, or even your favorite movie star. This new system, called "Facelock", is based on the psychology of face recognition and promises to eliminate the problem of remembering complex, easily forgotten passwords.

Facelock is based on our remarkable ability to remember familiar faces. Research has shown that familiar faces can be recognized even in less-than-perfect viewing conditions, such as dim lighting, viewing from a distance, or poor image quality. With unfamiliar faces, it is quite the opposite. Studies have shown that even minor inconsistencies lead to errors in recognizing unfamiliar faces. Very often, images of the same unfamiliar person in different poses lead us to believe they show different people. Facelock's design exploits this psychological difference between familiar and unfamiliar faces. A report on the research has been published in PeerJ.

The system works by having the user choose a set of faces they are familiar with. These need not only be family or acquaintances but can also be the person's favorite sports star or dancer. A "lock" is then created for that user, with one familiar face interspersed with several unfamiliar faces. The faces are arranged as a series of grids, and the user selects the target face in each grid to gain access to the system. Although it sounds simple, it is quite unerring, as faces familiar to one person may be unfamiliar to another. So an unauthorized person may not recognize any of the faces in the grid.

Using the concept of familiarity for authentication systems has several advantages. There is no need to commit anything to memory as in the case of password or PIN-based systems, since it only involves recognizing faces and not names. Memory of a familiar face is almost life-long, so even after a gap of one year users were able to correctly identify their passwords in this experiment.

The system also provides the required security as familiarity is difficult to imitate. In the current study, the researchers asked volunteer attackers to watch a successful authentication sequence based on four target faces, so that they could pick out the same four faces from similar test grids. These attacks could be defeated simply by using different photos of the same faces in the test grids.
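A minimal sketch of the lock and the photo-rotation defence described above, added here as an illustration and not the researchers' code. The grid size of nine, five photos per identity, the `name#n` photo ids, and the model of an observer who can only match exact images are all assumptions.

```python
import random
from fractions import Fraction

GRID_SIZE = 9   # assumption: faces per grid (the page does not state it)
N_PHOTOS = 5    # assumption: stored photos per identity

def photos(identity):
    """Constructed photo ids for one identity, e.g. 'aunt#0'."""
    return [f"{identity}#{i}" for i in range(N_PHOTOS)]

def identity_of(photo_id):
    return photo_id.split("#")[0]

def build_lock(targets, distractors, rng, avoid=frozenset()):
    """One grid per target: a target photo hidden among distractor photos.
    `avoid` holds photo ids already shown, so they are not reused."""
    lock = []
    for target in targets:
        fresh = [p for p in photos(target) if p not in avoid]
        grid = [rng.choice(fresh)]
        for d in rng.sample(distractors, GRID_SIZE - 1):
            grid.append(rng.choice(photos(d)))
        rng.shuffle(grid)
        lock.append(grid)
    return lock

def verify(targets, picks):
    """Server-side check: compare identities, never image ids."""
    return len(picks) == len(targets) and all(
        identity_of(p) == t for p, t in zip(picks, targets))

def familiar_user(lock, targets):
    """A genuine user recognises the target face in any photo."""
    return [next(p for p in grid if identity_of(p) == t)
            for grid, t in zip(lock, targets)]

def replayable_grids(observed, lock):
    """Grids in which an image seen during an observed login reappears."""
    return sum(1 for grid in lock if set(grid) & set(observed))

def blind_guess_probability(n_grids, grid_size=GRID_SIZE):
    return Fraction(1, grid_size) ** n_grids

if __name__ == "__main__":
    rng = random.Random(2014)
    targets = ["aunt", "coach", "singer", "neighbour"]   # constructed
    strangers = [f"stranger{i}" for i in range(20)]      # constructed
    first = build_lock(targets, strangers, rng)
    seen = familiar_user(first, targets)                 # what an observer sees
    rotated = build_lock(targets, strangers, rng, avoid=frozenset(seen))
    print("same photos reused:", replayable_grids(seen, first), "grids replayable")
    print("photos rotated:    ", replayable_grids(seen, rotated), "grids replayable")
    print("blind guess odds:  ", blind_guess_probability(len(targets)))
```

With rotation, the observed image ids never reappear, so the observer is reduced to recognising an unfamiliar face across different photos or guessing blindly.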

An authentic user can easily recognize the faces across a range of images. For the fraudster, who is unfamiliar with the target faces, generalizing across images is difficult. According to a press release, Dr. Rob Jenkins of the University of York in the UK said that "pretending to know a face that you don't know is like pretending to know a language that you don't know — it just doesn't work. The only system that can reliably recognize faces is a human who is familiar with the faces concerned."

This system combines the cognitive science of face perception with other secure authentication algorithms and accommodates the strengths and weaknesses of human memory. Its main objective is to make authentication more user-friendly and recognizable, as forgotten passwords are a common problem. The developers are trying to design this as an app and are hopeful it will be available soon for public use.


Source: Garner D, McLachlan J, Renaud K, Facelock: familiarity-based graphical Authentication, PeerJ. 2014.