Why secure and reliable authentication matters... and how facial recognition can provide it
In a world of digital services, issues of identity and authentication pose a problem.
How can people trust each other when they are not physically present?
Traditional paper-based forms of identity – passport, driver’s license, ID card – are not the answer. These documents were designed to be checked in physical settings by human agents on bespoke machines. And although they have been updated with contactless technology, checking paper documents can be time-consuming.
Meanwhile, many types of authentication are flawed, especially passwords.
With the average person needing to keep track of multiple passwords, many of which may need updating regularly, the password has become impractical as well as insecure.
Criminals can ‘phish’ people out of their passwords. Or they can use ‘brute force’ software to try millions of word combinations every second. The problem is that a widespread, universal (and convenient) form of digital identity doesn’t currently exist.
Something more robust is needed. Many experts believe facial recognition has the answer::
- It’s non-intrusive as there is no physical interaction required by the user.
- It’s relatively easy to deploy and implement
- Technology costs – cameras, processing – are falling.
- Mass adoption by smartphone makers has made it familiar to users.
- Its results are accurate and fast.
There’s also a sense that facial recognition is best suited for future work and leisure patterns.
“The face is the most flexible biometric authentication modality,” says Alan Goode, CEO and Chief Analyst of Goode Intelligence. “It can be used in different contexts and settings. There’s no need for sensors. And this fits with current megatrends. Take ride-sharing. If we move into a future of autonomous driving and shared ownership, we will need new and seamless ways to identify ourselves. Facial recognition seems to provide the best answer to this.”
Facial recognition could be key for citizens of many nations too.
According to the World Bank, there are more than 1.1 billion individuals without official proof of identity. This is a significant challenge. Without an officially sanctioned identity, it can be difficult for people to access finance, healthcare, social protection and even work.
The face is the most flexible biometric authentication modality. It can be used in different contexts and settings. There’s no need for sensors.
But in a broader level, it’s just more convenient to have a single digital identity.
Frederic Trojani, chairman of the Security Identity Alliance, says: “Today, it seems we need a new identity every time we sign up for a new service. What we need is a sovereign digital identity – given to us at birth by our government – which is interoperable across all consumer, enterprise and government domains. This will provide a secure way to authenticate us with any entity that needs to know who we are, before offering benefits or services.”
The difference between identity and authentication
It’s tempting to use the words identity and authentication interchangeably. This is wrong, and it’s essential to understand the differences.
Identity: A set of credentials that comprises ‘you’. This could be your name and address. This could be a token or alias (an email address or phone number). Sometimes, this is even a physical ‘thing’ (an ATM card). Your identity must be unique and say to a third party ‘this is me’.
Authentication: What we do when a third party asks: ‘How can you prove it?’. In the case of an ATM card, the card is the ID and authenticator is the PIN. In the case of border control, the person’s ID is their name and passport. The authentication is carried out by the agent who looks at a person’s face and certifies the likeness.
A person’s identity is unique, but it is no secret. Authentication keys must be either secret (PINs, passwords) or hard to copy.
With biometric authentication, the authenticator is not secret, but it is challenging to mimic.
In the case of facial recognition, a system must be able to distinguish between a genuine subject and a faker using a photo, mask or video clip. So the ability of the authentication method to deter these attacks determines how strong it is.