“Facelock”: Passwords You Can Actually Remember!

If you have trouble remembering all your Internet passwords, Senior Moments aren’t necessarily to blame! Researchers in the UK maintain that forgetting passwords is an endemic problem for users and IT managers alike. As a solution, the scientists have proposed an alternative based on the psychology of face recognition. Dubbed “Facelock”, this system could put an end to forgotten passwords and protect users from prying eyes.

A release from the developers notes that the reason we have so much trouble retrieving passwords from memory is a trade-off between memorability and security: simple passwords are easy to remember but easy to crack, while complex passwords are hard to crack but hard to remember. Decades of psychological research have revealed a fundamental difference in the recognition of familiar and unfamiliar faces. Humans can recognize familiar faces across a wide range of images, even when image quality is poor. In contrast, recognition of unfamiliar faces is tied to a specific image—so much so that different photos of the same unfamiliar face are often thought to be different people. Facelock exploits this psychological effect to create a new type of authentication system. The details were published June 25th, 2014 in the open-access journal PeerJ.

Familiarity with a particular face determines a person’s ability to identify it across different photographs. As a result, a set of faces that are known only to a single individual can be used to create a personalized “lock”. Access is then granted to anyone who demonstrates recognition of the faces across images, and denied to anyone who does not.

To register with the system, users nominate a set of faces that are well known to them, but are not well known to other people. The researchers found that it was surprisingly easy to generate faces that have this property. For example, a favorite jazz trombonist or a revered poker player is more than suitable—effectively, one person’s idol is another person’s stranger. By combining faces from across a user’s domains of familiarity—say, music and sports—the researchers were able to create a set of faces that were known to that user only. To know all of those faces is then the key to Facelock.

The “lock” consists of a series of face grids, and each grid is constructed so that one face is familiar to the user while all the other faces are unfamiliar. Authentication is a matter of simply touching the familiar face in each grid. For the legitimate user, this is a trivial task because the familiar face stands out from the others. However, a fraudster looking at the same grid hits a problem—none of the faces stand out.
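
The grid challenge described above can be sketched in a few lines of Python. This is an example added here, not the researchers' implementation; the face names, photo file names, the grid size of 9 and the four-face lock are constructed assumptions, since the article gives no parameters.

```python
import secrets
from fractions import Fraction

rng = secrets.SystemRandom()  # OS-backed randomness for layout and photo choice

# Constructed sample data: face id -> several different photos of that person.
FAMILIAR = {  # faces the user nominated at registration (hypothetical names)
    "jazz_trombonist": ["jt_1.jpg", "jt_2.jpg", "jt_3.jpg"],
    "poker_player": ["pp_1.jpg", "pp_2.jpg", "pp_3.jpg"],
    "club_cyclist": ["cc_1.jpg", "cc_2.jpg", "cc_3.jpg"],
    "folk_singer": ["fs_1.jpg", "fs_2.jpg", "fs_3.jpg"],
}
DECOYS = {f"stranger_{i}": [f"s{i}_a.jpg", f"s{i}_b.jpg"] for i in range(20)}

def build_challenge(familiar, decoys, grid_size=9):
    """Return (grids, answers): one shuffled grid per familiar face."""
    if len(decoys) < grid_size - 1:
        raise ValueError("not enough decoy faces to fill a grid")
    grids, answers = [], []
    for face in rng.sample(sorted(familiar), len(familiar)):
        # Any photo of the person may be shown: the user recognises the face
        # itself, while recognition of an unfamiliar face is tied to one image.
        target = rng.choice(familiar[face])
        strangers = rng.sample(sorted(decoys), grid_size - 1)
        grid = [rng.choice(decoys[s]) for s in strangers] + [target]
        rng.shuffle(grid)
        grids.append(grid)
        answers.append(grid.index(target))  # kept on the verifier side only
    return grids, answers

def verify(answers, touches):
    """Grant access only if the touched cell is the familiar face in every grid."""
    if len(touches) != len(answers):
        return False
    return all([got == want for got, want in zip(touches, answers)])

def guess_probability(grid_size, n_grids):
    """Chance that uniform random touching passes every grid."""
    return Fraction(1, grid_size) ** n_grids

if __name__ == "__main__":
    grids, answers = build_challenge(FAMILIAR, DECOYS)
    print(verify(answers, answers), guess_probability(9, len(grids)))
```

Under these assumed parameters, someone touching cells at random passes all four grids with probability 1/6561; the figure depends entirely on the grid size and number of grids chosen.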