Apple’s Face ID has helped bring face recognition to a mainstream audience, giving the consumer a glimpse of what the future of personal data security could look like. However, while the iPhone X has helped drive awareness, soon after the launch dozens of spoof videos appeared, fooling Face ID using siblings, offspring, friends, pizza toppings and masks, and raising valid questions about the security level of the technology.
What is facial recognition technology?
Facial recognition – matching a stored biometric facemap obtained during enrollment against what a smart device camera sees during a login session – when done correctly is a security improvement over passwords and pins, which are relatively easy to steal.
Understanding identification vs authentication
To understand what is necessary to achieve the desired level of security for more than just opening a device, a distinction needs to be made between facial recognition (verification by image matching), and authentication, a much more certain determination of the correct user being present in person during login.
Most current facial recognition options are incapable of determining if the subject of the verification is actually there in person, leaving them susceptible to spoofing by a photo, video, mask or an inanimate representation like a 3D fake head. Why? They lack the ability to detect a critical aspect of true authentication during login: liveness, or the detection of unique human traits that can include movements, skin texture and eye reflections.
For context, Apple’s Face ID matches images and can determine three-dimensionality (depth analysis), but it lacks robust liveness detection that can determine whether or not the correct user is actually present in the flesh at the time of login. The multitude of spoof videos already on YouTube clearly show its current limits.
Apple’s proprietary technology will undoubtedly improve over time. However, the speed at which it develops will be impeded by their decision to use a specialised – and costly – hardware-based approach.
Hardware takes years to develop and implement, works only on specific devices and, particularly in face ID’s case, uses expensive technologies that can quickly price phones out of most people’s reach. In addition, changes or improvements made during the lifespan of the hardware is ultimately limited to the hardware’s baked-in capabilities.
Alternatively, 100% software solutions hold significant promise for universal adoption, most notably if they are driven by artificial intelligence. AI software can learn to make improvements and updates, has a much lower cost basis, and can be implemented on nearly any smart device (including nearly all iPhones) with the only hardware requirement being a standard selfie camera.
True authentication – verification plus depth analysis and liveness detection – can significantly reduce fraud and cyber attacks in a broad range of industries, including banking, healthcare, transportation and many others. Its application can even be used to help those who cannot prove who they are, including situations like those of refugees who have been forced to leave their country without any proof of identity. Face authentication can rebuild their identity to allow them find work, open bank accounts and access services previously denied to them.
It has been estimated that by 2020 more than half of the world’s population will use their smart mobile devices as their primary form of ID and method of accessing confidential information. A universal, intuitive, secure and low cost software face authentication solution will soon be essential for personal data security.
Sourced by Kevin Alan Tussy, CEO at FaceTec, Inc.