Imagine a whole new type of password – one that lets you dispense with all those numbers, letters and symbols, but is still impenetrable to attackers.
Researchers at Britain’s University of York and the University of Glasgow have created a new password system that could one day allow users to access their bank accounts, their phones or their favorite websites simply by picking out a familiar face from a grid of nine faces, four times in a row.
Additional Images
They call the system Facelock, and according to a new study published in the journal Peer J, it is teeming with benefits. Most impressively, users were able to log into a test system using Facelock after not using it for an entire year.
Facelock is not the first password system to experiment with graphical elements. But Facelock has an important difference. The images in the Facelock system are always changing.
The research team explains that people do not recognize all faces equally. We have no trouble identifying a familiar face. On the other hand, when a face is not familiar to us, we are likely to think that different images of the same person are actually images of different people.
This psychological phenomenon can be frustrating to police when they ask a witness to identify a person, but in the case of Facelock, the researchers were able to exploit it for the good of frustrated password users. They proposed that even a nefarious “shoulder surfer,” who was spying over a user’s shoulder when that user selected a familiar face, would have trouble picking out the same person in a different image.
To test this hypothesis, they asked 120 volunteers to come up with a “Z-list celebrity” – someone for whom there would definitely be pictures on Google Images, but who was only known to a narrow group of people. After the Z-list celebrity had been selected, the volunteers were asked to log into a website using the Facelock system. One week after having selected their familiar faces, 97.5 percent of participants had no problem logging on. One year later, 86.1 percent of participants were still able to choose their Z-list celebrity’s face..
Facelock was found to be essentially impermeable to people who don’t know the users. Even people who were very close to the users were only able to get through all four grids successfully 6.6 percent of the time.
It may sound good, but you shouldn’t expect to see Facelock coming on the market anytime soon. Still, those of us who loathe the direction pass codes have gone can dream of a day when all it requires to check bank statements is to pick out a face.
Copy the Story LinkSend questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.