Last month, Alibaba CEO Jack Ma introduced facial-recognition software — “Smile to Pay” — as the future of online shopping. Designed to make passwords unnecessary, it allows users to complete purchases by scanning their face with a smartphone.
There was a problem with Ma's pitch, though. Despite his claims to the contrary, facial recognition isn't particularly secure. At least not yet. Today’s systems are easily fooled and increasingly obtrusive. Not only are they less secure than the annoying passwords they’re meant to replace, but any attempts to solve that problem make facial recognition clunky — far from the quick, effortless authentication that it promises.
Google started the smartphone facial recognition trend back in 2011 with the Android Ice Cream Sandwich. It was a bust. It allowed users to unlock a phone by holding it in front of their face — but it could be easily tricked by photos. Subsequent versions of Android increased the complexity of the system, but still failed to solve the picture problem. Built-in blink detection — which would theoretically prevent photos from substituting for a real person — has vulnerabilities too. Video, for example.
If facial recognition is to ever really replace the password, software will have to become sophisticated enough to never fall for a fake. Apple, which has long prioritized scanning fingerprints over faces, looks like it might be trying to solve that problem: Yesterday the company was granted a patent for a system to lock and unlock phones with the face. Apple’s system uniquely continues to snap pictures of the user while he’s on the phone. If he disappears, the phone locks. And research from the University of York has another helpful fix: Researchers optimized the Samsung Galaxy’s “face unlock” system by using a composite photo of the user created by “morphing together several different photos.” The idea came from trying to mimic how the human brain recognizes faces.
Nearly as important as security, though, is simplicity. If facial recognition requires blinking, morphing a bunch of photos into one, and a photo shoot that captures your face in different lights from different angles, a four-digit password starts to look pretty convenient.