Lenovo Trying Face Recognition For Logins On New Laptops 164
judgecorp writes "Lenovo's new IdeaPads will be using face recognition as a way to replace passwords for users logging onto the laptops. 'Lenovo's VeriFace combines the Windows login and file encryption to password-protect individual files. It identifies users by matching unique features of their faces to photographs taken by the 1.3-megapixel webcam built into the laptop. When Windows users start up their PCs, a camera window pops up in the login frame. The user then just has to adjust their position so their face appears in the window, and VeriFace logs them in automatically.' That could be good, but is the technology really ready for mass market devices? HP ran into trouble when its face recognition software had trouble recognizing people with darker skin."
Who the hell would trust this? (Score:1, Flamebait)
Re:Who the hell would trust this? (Score:4, Interesting)
Re: (Score:1)
It's secure because you tried an obvious approach on 5 minutes of your owm time? Holy shit, you're dumb as a brick.
Re:Who the hell would trust this? (Score:4, Informative)
I didn't even try that, although its an obvious test.
Lenovo's face recognition failed for me because it slows down the login process. Even where it worked right off the bat (which it didn't always) it has to load the software, take the picture, scan it, then analyze it. If your face isn't optimally positioned, you have to stop what you're doing and orient yourself correctly to give the software a chance.
The result was far *slower* than typing a password in, so what was the point? If it were as instantaneous, flexible and reliable as human face recognition, that would be a different matter.
Re: (Score:2)
I have one of the new IdealPads with face recognition. The computers are gorgeous and face recognition works well. The first thing I tried was to print a photography of mine with good quality on a 4 arc of paper to see if i could fool the program to think that it was the real me. It didn't work, so I think it's ***reasonably*** secure.
Now try 'playing' with some makeup and give yourself a fake black-eye with typical squinting eye or equal facial marking and let us know if it still recognizes you. How about try smiling/frowning at the camera as the older versions of this kind of software couldn't understand that it could be the same person. [bbc.co.uk] Hat or other head accessory?
Re: (Score:2, Informative)
Re: (Score:3, Interesting)
Why not both? Haven't slashdotters always said the best security is both something you know (your password) and something you "have" (your face).
Someone gets your password, but doesn't look like you: No entry.
As far as 'holding up a picture" you'd think that with 3D becoming the new fad and tiny cameras being cheap. They'd put 2.
MacBook Pro 2014 1 camera in each corner and the glasses-less 3D technology.
OOo imagine the porn.
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
It is something you know: password a secret question.
Something you have: a key, a dongle, a passcard.
Something you are: biometrics of some sort.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Hahahahaha, There's a lot wrong with that, and I say this as someone who's had a stalker break into their facebook/gmail accounts. If we're to move to this "cloud computing" paradigm we're going to have to take the security considerations extremely seriously.
Re: (Score:2)
Whoooooosh!
One would think it was rather obvious when he called Facebook a "small and obscure site"...
Re:Who the hell would trust this? (Score:5, Informative)
Re: (Score:2)
It's not like this is new for Lenovo either. They've had it for a long time. And no - I haven't managed to fool it with a photo of myself yet.
Re: (Score:3, Interesting)
Dude, this technology is FAR OLDER THAN YOU THINK.
I ran it on an overclocked 180MHz Compaq back in the mid-90s. It did EXACTLY THIS - Face-recognition as a password.
Re: (Score:3, Insightful)
You would need either two or 3 cams to pass the 3d test.
Actually that would get past the photo issue, but you'd need to put the cameras on other end of the laptop corners.
Re: (Score:2)
My Wife's 3 year Old Ideapad came with Veriface.. Doesn't seem to like it when its low light, or she has glasses on. It got uninstalled pretty quick.
Re: (Score:2)
Easy to defeat (Score:4, Informative)
Was there any breakthrough in face recognition recently? It was easy to defeat as of last year.
http://www.internetnews.com/security/article.php/3804906/Facial-Recognition-Gets-a-Black-Eye-at-Black-Hat.htm [internetnews.com]
Re:Easy to defeat (Score:5, Insightful)
Re: (Score:3, Funny)
Oh, here I thought I just had to fire up http://thehun.com/ [thehun.com] and show them one of those facials. Thanks for setting me straight!
Re: (Score:2)
Fool it with a picture? (Score:2, Insightful)
What's to keep me from holding up a picture of my coworker in front of the camera when I want to log in to her computer?
This sounds easier to fool than the fingerprint sensors that can be spoofed with silly putty.
Re: (Score:1)
Well, if someone has your photo, then they can get in; but generally I feel the most common scenarios are:
- someone breaks into your house
- you leave the device on the train
In the first, arguably the attacker could steal a photo or two just in case.
In the second, chances are that the attacker knows nothing about your or your photo, so the data should be pretty secure.
Re: (Score:3, Insightful)
If I'm stealing a total stranger's laptop, I honestly don't give a crap about the data. I'll sell it to someone else who'll reformat it and sell it as "refurbished" on amazon.
The only people who would ever care about your data are the people who know you, and they would have the capability and foresight to bring a picture. This system is almost as idiotic as security through voice recognition.
Re: (Score:2, Insightful)
Well, the technology may not be there yet, but conceptually, the strongest authentication available is some combination of voice and face recognition, as done by a human.
eg, if you want a new passport, in England, you have to take a picture, and get someone you know to certify it's a true likeness of you. How does that person know it is you? Well, by seeing how you look like, and listening to your voice. I guess?
So, from a theoretical point of view, this system is I feel sound. Just, maybe the technology
Re: (Score:3, Insightful)
If you consider just a camera (with no additional sensors spread over a large area), it is a crappy concept. Its the kind of concept that stops being viable once it starts being possible.
Only an awesome 3D camera with an extremely wide angle would not fall into the "just use a printed piece of paper" method. And that non-existent awesom
Re: (Score:2)
High-tech cheaters can get away by standing in front of the system and using a special set-up to project a different image inside the camera.
Or, to put it simply, by wearing a mask. If a voice is involved, a simple DSP box will convert your speech to the natural range of the target voice. The stupid computer won't be able to do much else with the audio. Of course if the voice exchange is not a challenge-response but a mere password then any voice recorder will do.
Re: (Score:3, Funny)
Old, old news (Score:5, Insightful)
Re:Old, old news (Score:4, Informative)
Re: (Score:3, Informative)
Facial recognition software came with the Ultraport camera for Thinkpads back in 2000 which would (fairly reliably) unlock your screensaver when you sat down in front of the machine. You could even require that you had to smile to prove you weren't a picture.
A.
Re: (Score:2)
Yeah... I'm thinking security theatre [internetnews.com], unless the state of the art suddenly regressed after 2000.
I've since read that using a picture of yourself is more reliable than your actual face, as it's less prone to shadow effects from variable lighting.
Ehmmm... Photo? (Score:5, Funny)
So I can just grab a photo of the user whose PC I want to log onto and show it to the cam?
Much easier to crack than that darn retinal scan that requires me to get the eyeballs of my victim...
Re:Ehmmm... Photo? (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
On my IdeaPad, the facial recognition would track the eyes of a photograph, but not actually log you in. That was with a tiny drivers license photo. I'm not sure what a higher quality photo would have done.
Re:Ehmmm... Photo? (Score:5, Insightful)
The facial recognition has been circumvented on these with a photo of moderate quality. Since the camera doing the recognition is a 1.3mp camera, the absolute most you'll need to beat it is a 2mp photo, and likely a lot less than that will work. A new/clean driver's license photos might work, but a worn one probably wouldn't.
The only way I see them preventing a simple photograph from circumventing this is using two cameras, scanning at different angles, and making sure the two images are slightly different but still match. In that case you would need a fairly complicated rig to get the cameras to look at two photos at once in order to fool them. Much better, but not exactly secure.
As it is now, these are even less secure than fingerprint readers, which can be beaten with a lifted fingerprint (laptop readers require a transparency, but doors can be done with black dust and tape).
The reality is biometrics never work like the movies. An image of your face can be recorded in high enough quality to fool a scanner, your voice can be recorded in high enough quality to fool a scanner, a good camera (around $1k or so) can even get a high quality copy of your retina from a long enough distance that you'd never know it happened, which could then fool a scanner. Fingerprints have always been a joke to bypass. In many cases you can lift the necessary print right off the scanner - you might as well have a sticky note on the screen with your password on it.
All of them are easier to bypass than a simple non-dictionary password. A pass-phrase is several orders of magnitude more secure than the lot, and the easiest to remember. It's only when you want to make passwords super secure that people start writing them on stickies and slapping them on their monitors (note that I have actually experienced this in secure government facilities - it's extremely common when very complex passwords are required). You might as well just use biometrics then, for all the good it is doing you.
Re: (Score:2)
The reality is biometrics never work like the movies.
In real life your Mission:Impossible team doesn't get the breaks you see in the movies or on home video. The tech is more sophisticated. Defenses are in layers.
You have to carry a player for that audio recording. The color print-out from your Nikon. The tripod to mount the photo in place. Each complication ups the risk of detection.
Re: (Score:1)
On my wife's IdeaPad I can log in by holding up my macbook in front of it with iPhoto showing a picture of my wife's face in full screen mode. I tried a few photos and the one that worked was taken face-to-face, in the same way that the inbuilt webcam would take it.
I found that I need to tilt the macbook screen slightly so the LCD viewing angle achieved the right level of contrast for the camera in the IdeaPad.
I could just use the password to log in, but that would be boring.
This would be good for my work Blackberry (Score:3, Interesting)
Im tired of unlocking my work blackberry with its tiny keyboard every time I want to check the latest email. Security policy mandates we use a long complicated password, which is a total pain to type every time you want to browse the web, or check the map, or whatever.
Re: (Score:2, Offtopic)
Sometimes the people get it...
Re: (Score:3, Interesting)
> An analogy I often use is; "A good way to secure a car is to remove the wheels and put it up on blocks. It just doesn't make a very good car..."
I bought the cheapest bicycle I could in China, 20 dollars, and it got stolen.
So I bought the cheapest one again, and hit it with a brick for 10 minutes, until the paint is all scratched up, and the mudguards are dented.
Hasnt been stolen yet :-D
Re: (Score:2)
I'll take your advice.
Blackberry, meet brick.
Re: (Score:2)
That doesn't even make sense to me, especially in the context of a Blackberry. The default security settings are to wipe after ten bad passwords; no matter how easy your password is, there's no way someone's going to guess it in ten tries (unless they shoulder surf when you're entering it in, but long and complicated passwords won't help there either).
Seriously, just set it to "minimum 4 characters, wipe after 10 bad passwords" and you're as safe as Blackberries get.
Face recognition using just a webcam? (Score:4, Interesting)
To make face recognition more secure, perhaps they should use two camera's and get a 3d scan of the face (can be fooled as well but less easy), or require that the face is moving. Perhaps even ask the user to read a randomly chosen word and lip-read the response.
Re: (Score:2, Funny)
Re: (Score:2)
Guess what? Not everyone is very concerned about security of their login. Sometimes convenience is more important. Supposing Lenovo can get their software to work quickly and with low error, it could be beneficial to people who don't want to bother with entering a password.
Re: (Score:2)
...will holding a picture of the laptop's owner in front of the camera unlock the machine?
Yes.
They can barely handle people with dark, especially black, skin. They cannot tell the difference between a photo and a live image.
The two-camera idea would be my suggestion, which would make it harder but not impossible.
In any case, it's more finicky and less secure than a passphrase, so why not use a passphrase?
Re: (Score:1)
The 3d technique would be an attempt at actual security, the Lenovo technique is described in the IdeaPad manual as a convenience feature.
I don't foresee any major problems with Lenovo shipping this software on all their machines, though it would be nice if they made it crash less frequently and educated the user about the risks of using it.
People have locked things up with simple, easily copied metal shapes for a few thousand years, believing that this was security.
Re: (Score:2)
How easy is it to fool this thing? For instance, will holding a picture of the laptop's owner in front of the camera unlock the machine?
For this you need access to the laptop, a reasonable expectation of privacy, and an appropriate photo of the owner. This isn't a trick that would be particularly safe for the guy working the next cubicle - much less two flights down.
The simplest solution for a single camera might be to a take a second picture at some random time after you log in.
How long would you be willi
What about a FaceBook image printed out? (Score:2)
Can you just open your cell phone, go to FaceBook, get a profile image of the laptop owner onto the screen and hold it in front of the camera?
But will it recognize your expression and auto- (Score:3, Funny)
Re: (Score:2)
I had to check but looks like there's a .ap TLD.
The ball is in your court.
Twins? (Score:1, Insightful)
So apparently they forgot that there's such a thing as identical twins...
Also, what happens if you change your hair or makeup or something else? Suddenly you might not be able to get into your computer
!news (Score:2)
facebook (Score:3, Insightful)
I have been using it for the past couple of months on my netbook. It does a pretty good job as long as you aren't wearing glasses, and you are well lit. Most of the time, the lighting is not good enough, and I would need to remove my glasses. It seems to do well enough discriminating between other people though. I tried it with several different family members and co workers, and it never allowed them. It will log bad attempts, and save pictures of the attempted logins. It also has a mode to detect if a photo is being used to log in. That seemed to work blocking photos as well. I never tried the encryption mode, but since it is Lenovo, I'd bet it has a back door for the Chinese government.
Unless they get it to work in low light though, it's not ready for prime-time.
Re: (Score:2)
Re: (Score:2)
"It does a pretty good job as long as you aren't wearing glasses, and you are well lit."
Well, I'm always well-lit, but the computer just can't detect me through the haze of smoke, maaaaaaaaaaan.
Lenovos already use finger print (Score:2, Insightful)
Whats wrong with finger print readers? I have a Lenovo laptop with a finger print reader and I couldnt be happier with it. This article is not entirely correct in saying face recognition to replace passwords since passwords are only used as backup authentication with most existing Lenovos. It sounds interesting but I dont really see the point. Unless of course you dont have fingers but then using a keyboard would be a bit hard to start with. Sound more trouble than its worth tho given skin tone issues.
Re: (Score:3, Interesting)
More realistically, it probably has a lot to do with the fact that fingerprint readers have a per-unit hardware cost, and are typically used to identify the laptop as a "corporate" model, while facial recognition is just software on top of the webcam that virtually all consumer laptops get anyway. It didn't cost nothing to write; but each copy costs nothing to load.
Re:Lenovos already use finger print (Score:4, Informative)
Finger print readers are about the easiest of the biometrics to crack. The press-and-hold type of scanners you can usually just use fingerprint dust and clear tape to fool them, and you can get a good print right off the scanner. For the slide-type readers, you have to lift the finger print then make a transparency to break in. Not exactly difficult.
Seriously, Mythbusters did an episode on it, and it was shockingly easy to break into a fingerprint locked computer or door.
Stick with a password if you care anything at all about your data. If you don't want anybody to get your data ever, encrypt and lock your machine with a passphrase. If you just want to nominally lock the machine (like setting the little chain lock on an apartment door or using WEP for your wireless router), then biometrics are fine.
Re: (Score:2)
Quite a few things:
Biometric authentication should be "something you are", and fingers are, alas, "something you have". Which is open to loss, thievery and duplication.
Old News? (Score:1)
Aren't these the laptops that... (Score:3, Informative)
are full of bloatware? I thought I read somewhere that these rank number one or something.
Re: (Score:2)
The most annoying thing is the mcafee since it pops up every time you do something and asks you if you're sure. The other thing that sucks is that it's multitouch. At least with other tablet pcs you have a stylus and can accurately 'click' on things. On this every time I try to hit minimize I end up closing the window lo
They did this in 2001 on my Thinkpad T22 (Score:2)
Back in 2001 for my Thinkpad T22, when you got the camera attachment for the top of the screen it came with a face recognition screensaver. It was pretty amazing how fast it recognized you and unlocked the screen.
so... (Score:5, Interesting)
Re: (Score:1)
Re: (Score:3, Insightful)
Why just dandy, it will unlock for both of them! And anybody who has a decent photo of either of them too!
Seriously, the current state of biometrics are laughably insecure. A simple non-dictionary password, even a 6-8 digit PIN, beats a biometric lock any day of the week.
Basically, when you see a machine or door with a biometric lock, it's like securing your wireless network with WEP. All you are doing is saying "Please don't break in - thanks!" You aren't actually protecting anything.
Until they can rel
Re: (Score:2)
Been done (Score:1)
My Dell laptop I bought a year and a half ago shipped with software to do exactly the same thing. I ended up disabling it because it took so much longer for the webcam to fire up and the software to do its thing than for me to just type in a password. This is with a Dell Studio XPS 13, though I wouldn't be surprised if this software shipped on other lappies as well.
Re: (Score:2)
Not to mention the fact that it is orders of magnitude less secure than a simple password (it can be beaten with a photo).
It's cool and all, but completely worthless until the technology makes some serious leaps and bounds.
Beards (Score:2, Insightful)
Denial of Service (Score:5, Insightful)
Method #1 - The Lens Scratch - No need for a special Key! You can use your own!
Method #2 - The Face Punch - Requires shockingly little computational resources!
This isn't new (Score:1)
Re: (Score:2)
That's what I was thinking. I bought a old refurbished S10 netbook awhile back that had it. It's probably 1-2 years old now.
Re: (Score:2)
Re: (Score:1)
Do you have to go to orbit for it, or does the camera have enough resolution to recognize you when looking towards the satellite from ground? :-)
great (Score:3, Funny)
now instead of scalping someone's finger to access their stuff, now i have to pull a hannibal lecter
Coming up in Google Trends (Score:2)
Old News? (Score:2)
Neat things: You can make movement a requirement for login (like you have to shift your head, open your mouth, etc) in order to bypass people using your picture to login. As for fals
Re: (Score:2)
The one my Dad got a year and a half ago had it, I remember because it was the first thing I had to disable for him.
Nifty (Score:2)
The technology is pretty nifty. At work, where we bring in many customer laptops to do virus cleanings etc., one computer had a very long and annoying password. After logging in once, then needing to reboot, I went to log in again, and the login box flashed away just as I put my hands to the keyboard. I logged back out to check, and I found that it had taken a sample image of my face on my first login without my noticing (it did say it was doing it; I just wasn't paying attention), and on the second login i
Oh come on (Score:4, Insightful)
People still don't get it.... (Score:2, Insightful)
1) They are a secret
2) They can be changed at will
3) They don't require a physical feature (you can keep them in your mind).
Biological features are thought to be great because of their uniqueness. But the problem is that once they are compromised, it is permanent. So they are never good by themselves.
stereoscopic (Score:2)
Why not ? (Score:3, Insightful)
1- The best security is something you know + something you have, so password + face sounds good.
2- Oftentimes, when you use only one of the two (password, key card...) or even with both, people misuse security so much (staying logged in, reusing passwords, weak passwords...) that face on its own feels better.
3- And it can re-authenticate periodically without being too intrusive, which is good, too. It could maybe even detect as soon as the user changes ?
The one question is , how often do webcams fail, because the day I'm locked out of my computer by a faulty cam, I'll be pissed.
Fingerprints (Score:3, Funny)
What the hell happened to fingerprint scanners? I thought they'd be on every keyboard by now and we'd be passed all this password crap.
Makes sense... (Score:2)
Why not a car-key compatible device? (Score:2)
I'm already investigating the possibility of altering the lock of the front door of my house to electronically open as I approach the door and I would like to do the same with my laptop. I think
I wouldn't trust it (Score:2)
My brother had an Acer with face-based login. I could always get it to let me log in with my face instead (he was around, we were messing with it), no matter how many times he trained it.
Re: (Score:2)
And no, we're not twins. Our faces our similar to some degree, since we're brothers and all, but not that close.
Security and the morning cleanup (Score:2)
Re: (Score:2, Insightful)
What about combining this with a normal password? Then an attacker would need both your picture and your password.
OTOH, you might want to keep a picture of yourself, in case you get injured at your head and the bandage makes your computer not recognize you.
Re: (Score:2, Informative)
Re: (Score:3, Insightful)
"Sometimes it won't let me in even though is my exact same face (maybe different way of combing it)"
You comb your face? Just get a razor, man!
Re: (Score:2)