Faces Are the New Secure Passwords

Future Tense
The Citizen's Guide to the Future
June 24 2014 6:45 AM

Faces Are the New Passwords

facelock3

Shutterstock/Getty

This article originally appeared at Science of Us.

One of the nine faces above is familiar to me, but the rest aren't. Can you pick it out? The answer is at the bottom of this post, and I don't like your odds. This grid is a "facelock," an alternative to the password system most websites use, and a study soon to be published in PeerJ suggests that facelocks are a promising method of ensuring online security.

Advertisement

No one likes passwords, after all—they're tricky to remember and require frequent re-dos for security purposes. Facelocks, explain the study authors, could provide a viable alternative by capitalizing on a major strength of humans: We're great at recognizing faces, and particularly at distinguishing familiar from unfamiliar ones.

The study, conducted by researchers at the Universities of York and Glasgow, tested the feasibility of a facelock that blocks access to a given program or device until the user can recognize several familiar faces in a sea of unfamiliar ones. Users selected faces familiar to them, and then both they and hypothetical "attackers" were asked to try to get into their accounts by successfully selecting the right face out of a grid of nine four times in a row.

What's key here is that an effective facelock doesn't ask you to pluck out Kanye West from a bunch of random stock photos — rather, the strength of this sort of system relies on users selecting photos they can easily recognize, but few others can. So it was recommended to the study participants that they choose their favorite "Z-List" celebrities, like famous cellists or skiers (sorry, professional cellists and skiers). Friends and family members wouldn't be a good idea on the off chance one of them tried to crack your e-mail.

This was more of a proof of concept than a massive study of a near-finished product, but still, the study showed that a system like this could potentially work well. On the usability side, 97.5 percent of users could get into their hypothetical account a week after selecting faces for a facelock system, and a full year later that number had only dropped to 86 percent (think of what your success rate would be for a password you didn't use for a year). As for security, neither strangers (0.9 percent) nor close friends and family members of the person who chose the photos (6.6 percent) had much luck cracking facelocks, and those numbers dropped even further when it came to succeeding on the first attempt.

As for the above, the handsome gent in the middle of the right column is legendary-to-Patriots-fans wide receiver Troy Brown. Maybe he's a bit too famous for use as a facelock face, but given all the exciting moments he provided me and other New Englanders over the years, I'd trust him with my data any day.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Jesse Singal is a senior editor at NYMag.com, where he edits the social-science blog Science of Us. Follow him on Twitter at @jessesingal.  

  Slate Plus
Slate Picks
Dec. 19 2014 4:15 PM What Happened at Slate This Week? Staff writer Lily Hay Newman shares what stories intrigued her at the magazine this week.