VeriFace Make your face your password

DoubleD · August 2008

I was just skimming through my new Tiger Direct mail-in catalog and noticed on page 13 that they are selling a laptop called the Lenovo IdeaPad. (Lenovo what used to be IBM's desktop/laptop division.)

Well, anyway the laptop comes with software called VeriFace which uses the embedded 1.3 megapixel camera to scan your face. It says "Make your face your password!" and actually has the gall to fawn over how cool the feature is.

It doesn't have any information on if the VeriFace software can be uninstalled. If it's actual software, then it can probably be uninstalled. If the software is installed on the motherboard (like on a ROM chip), then it cannot be uninstalled. And if the software is installed on the motherboard, then there might be a chance that it will not allowed alternate OSes (i.e. Linux and BSD) to be installed. VeriFace is included with this laptop.

HeroPsycho · August 2008

Hey Royal, make your face your password, and it would be the ugliest password every made!

OOOOOOOOOOOH SNAAAAAP!

Obviously, just kidding...

dynamik · August 2008

Whoa... harsh!

I wonder how well something like that would really work. You should buy one and see if it'll recognize a print of your face. Let us know

I think fingerprint scanners are better solutions.

royal · August 2008

Lol where'd that come from.

shednik · August 2008

Random indeed but funny

I'd like to do some testing for that though and +1 for fingerprint scanners!

HeroPsycho · August 2008

royal wrote:

Lol where'd that come from.

I dunno, it could have easily been someone else. Just trying to get you to laugh, you seem stressed a bit lately.

Hey, if the hat were included in the image, we all know whose password would be the longest... :P

NetAdmin2436 · August 2008

HeroPsycho wrote:

Hey, if the hat were included in the image, we all know whose password would be the longest... :P

Uh oh....

DoubleD · August 2008

Just Scan Your Face!

tiersten · August 2008

The issue with most of these is that they're being deployed with the biometric part solely. You need to really do two factor authentication at a minimum since generally available PC biometric systems aren't that great.

The face detection ones have been beaten by photos of a valid user. Some of them will check that the eyes look "real" so the solution is cut out eye holes...

Fingerprint scanners have been defeated using various methods including printouts, gel molds of fingers and even dusting a latent print + balloon filled with water.

The UK has a biometric based immigration system in some of the airports where it will scan your iris to authenticate you. This means you can bypass the regular passport control desks and just use the automated system. They've got guards watching you and you're in basically a cage whilst you're doing the check.

tiersten · August 2008

DoubleD wrote:

It doesn't have any information on if the VeriFace software can be uninstalled. If it's actual software, then it can probably be uninstalled. If the software is installed on the motherboard (like on a ROM chip), then it cannot be uninstalled. And if the software is installed on the motherboard, then there might be a chance that it will not allowed alternate OSes (i.e. Linux and BSD) to be installed. VeriFace is included with this laptop.

Not looked it up but I'd say its pretty likely that its just a crappy Windows application that you install and it takes over the regular Windows logon process.

royal · August 2008

HeroPsycho wrote:

royal wrote:

Lol where'd that come from.

I dunno, it could have easily been someone else. Just trying to get you to laugh, you seem stressed a bit lately.

Well, HP:

Hehehe

royal · August 2008

I'd be really interested in seeing this software. I would think it'd still be safe for it to be part of a multi-factor authentication scheme. So for instance, if takes over winlogon, I would like to see some options within this software that forces multi-factor authentication so you can use let's say a smart card + scan of your face, or a password + scan of your face, or a fingerscan + scan of your face, etc...

I think it's an interesting idea, but I wonder how well it works and how accurate it is. For instance, if you don't shave for a couple days, will it start exhibiting issues. Can you adjust the sensitivity? I'd really be interested to see this in action.

tiersten · August 2008

royal wrote:

I would think it'd still be safe for it to be part of a multi-factor authentication scheme. So for instance, if takes over winlogon, I would like to see some options within this software that forces multi-factor authentication so you can use let's say a smart card + scan of your face, or a password + scan of your face, or a fingerscan + scan of your face, etc...

Yeah. If you're using it as part of a multi-factor authentication system then its fine. People tend to just leave it set to single so they don't have to type in their password any more.

royal wrote:

I think it's an interesting idea, but I wonder how well it works and how accurate it is. For instance, if you don't shave for a couple days, will it start exhibiting issues. Can you adjust the sensitivity? I'd really be interested to see this in action.

The facial recognition system I looked at ages ago worked by detecting where the major features are on your face and then calculating the distances and angles between them. Newer ones actually use two cameras to capture a 3D image of your face. Those work by trying to work out the contours of your face.

These systems are beginning to become fairly popular in CCTV. They're not for authentication however but to try and flag potential suspects so a false positive has different implications. Doesn't work too well if the person isn't looking directly at the camera however.

If your beard is a proper big fuzzy one which covers your mouth then you might have some issues...

HeroPsycho · August 2008

<================== I have horns!

Darthn3ss · August 2008

.. what happens if you get in a bad accident or something and mess up your face?

dynamik · August 2008

What if it won't accept your picture because it doesn't believe it to be a face?

Darthn3ss · August 2008

what if you went hannibal and cut some guy's face of just for this? lol

Ahriakin · August 2008

HeroPsycho wrote:

Hey Royal, make your face your password, and it would be the ugliest password every made!

OOOOOOOOOOOH SNAAAAAP!

Obviously, just kidding...

And people would wonder why your face came MD5 Hashed....so there...ha...er....
back to the cofffee.

Anyway like any biometric system it's only as good as the implementation which from OEM's means bottom of the barrel. A good example are the more common fingerprint readers, advanced models check for pulse, read through the first few layers of skin etc., have very low false acceptance and rejection rates and encrypt their communications between the device and software, the reader on your OEM laptop usually is the most basic surface reader with no encryption.
Facial readers by their nature are more complex in that they have to read and verify eigen values (The data these sensors actually save, they don't really keep an image of your face/finger or whatever) purely from an optical image, light levels come into play, if you even just got a good tan or didn't shave in the last few days and of course over time your face changes.

VeriFace Make your face your password

Comments