Passwords suck, so why not replace them with facial recognition? Because facial recognition software still kind of sucks, too, as Dan Moren discovered in Popular Science after a little craft project easily fooled his bank app.
Facial recognition software isn't totally dumb anymore. You can't just hold up a photo of someone's face, like you could do with Android's face unlock feature back in 2011. Moren's bank app, which looks like the one from United Services Automobile Association, required blinking to ensure there's a real-live human in front of the screen (which Android has since adopted too). Higher requirements for higher security right? We're talking about a bank account here.
But it was no match for Moren when he got crafty.
I walked down to my neighborhood drugstore and printed out a $4 8-by-10 glossy photograph of my face, then took a razor and cut out the eyes. (Thank goodness I work at home, lest I be mistaken for a rather clichéd and self-centered serial killer.) I then peered through the holes and tried to fool my phone into recognizing this creepy Frankenstein's monster. No luck. (Frankly, I would have been kind of offended if it had works: it looked pretty creepy). It's true that the scale wasn't quite right, so I couldn't get my eyes to line up perfectly. It's possible a better photo might succeed.
Before plan C, which would involve a Mission: Impossible style latex mask to beat the system, I shot a quick video of myself—blinking included. I held my phone up to the screen, and sure enough, the bank app let me right in. So much for high security.
As Moren points out, faces are one of the easiest things to steal. We all have dozens of photos on Facebook and Instagram. Even if your social media accounts are on full lockdown, security researchers have pointed out hackers surreptitiously take photos.
This may not matter if face recognition software gets a lot better, but it is being used to more and more important things. Alibaba wants to roll out pay-with-your-face technology by 2017. Let's just hope you can't trick it with a printout and a razor. [Popular Science]
Top image: igor.stevanovic/shutterstock