At its core, facial recognition technology is a form of biometric authentication that uses unique facial features to identify individuals.
It's a powerful tool that offers convenience and security, streamlining processes that once required manual intervention. However, this convenience doesn't come without its share of controversies.
The two big tests of any authentication system are accuracy and security.
Facial recognition is undoubtedly achieving accuracy levels to rival any other biometric technique.
But can new facial recognition systems be fooled, or can they defend themselves against attackers' stealing' people's faces?
As we've established, a face is not a 'secret.'
On the contrary, finding a person's face in an era of photo sharing is easy.
Instead, a face has to be hard to copy – and probably 'live.'
What are the facial recognition issues here?
In the past, criminals have tried methods such as:
Photographs, 3D-printed masks, and video clips
Early facial recognition systems were vulnerable to these approaches.
In 2009, authorized hackers successfully used photos to trick the systems used by Lenovo, Asus, and Toshiba laptops.
Forced or unaware of facial recognition
If attackers cannot spoof a system, they might try to force an authentication.
For example, they could hold a person's phone to the owner's face when asleep or coerce them to unlock it.
Stealing the numerical code
A criminal could steal the codes if every face pattern is converted into a numerical code before matching.
Happily, technology improvements and a smarter approach to the user interface have made it harder for hackers.
Liveness detection is the best defense against photo spoofing.
3D scanning helps (see technology section), and some systems require subjects to blink during set-up to indicate their 'liveness.'
Another sensible measure is to support different levels of security, depending on the use case.
- In low-risk scenarios, facial recognition alone might be suitable.
- But where the risk is high, the system might demand multi-factor authentication such as password and fingerprint.
Let's see how facial recognition evolves with Dimitrios Pavlakis from ABI Research.
Facial recognition evolution
Dimitrios Pavlakis, Industry Analyst at ABI Research, says the user experience should depend on the context.
"It might be okay to wake up your in-car entertainment with just your face, but maybe not to unlock the car itself. Manufacturers and algorithm developers might also ship face recognition systems with variable thresholds for different use cases and applications.
They might dial down the accuracy and increase the authentication speed in smart homes, for example, where there are a small number of frequent users, as opposed to banking or access control, where multiple users need to be identified."
Apple is a case in point here.
While a person's face alone can unlock the iPhone, a face scan and PIN code are required to open more sensitive services.
A good defense against harvesting facial data is to avoid keeping it in a central database.
This is why many systems store the numerical code locally – inside a secure enclave in the device itself.
For example, an embedded secure element (eSE) in a phone is a tamper-proof chip that lives in the chipset or SIM card.
It can only be accessed with strong authentication. Also, the eSE never shares the code with an application.
Instead, if a service wants to verify the user is authentic, it merely receives a yes/no answer.
Facial recognition problems and related topics