Friday, August 27, 2010

Hands-On Project 8-1 (Page 294)


Objective ad Verbatim:

“Cognitive biometrics holds great promise for adding two-factor authentication without placing a tremendous burden on the user. In this project, you participate in a demonstration of Passfaces.” (Ciampa, 2009)

Process:

1. Firstly, I pointed my web browser (Firefox!) to passfaces.com/demo to access the online Passfaces demo.



2. The web application displays some instructions for enrolling an account in the Passfaces demo.



3. Passfaces then presented three faces to use as ‘Secret Passfaces’ that the user would recognize to enter an account.


4. It puts forth the faces individually so as to accustom the user to their Passfaces.


5. Once all the faces have been shown, the application displays an array of faces of different ethnicities and structures, containing one of the user’s Passfaces.


6. It continues on until the user is used to the practice login.


7. This brings us to the end of the demo.


Reflection:

This hands-on practical demonstrates the advantages and disadvantages of using cognitive biometrics to accompany or replace the traditional password/passphrase method of authentication. Passfaces is premised on the innate human ability to recognize faces and, in essence, to detect subtle differences in facial structure via a sensitive cognitive function.

From a radical point of view, this method of authentication would serve sufficiently for most people capable of sight. However, it does have drawbacks, such as when a person suffering from face blindness (prosopagnosia) has to use Passfaces. The inability to recognize faces would render the whole facial recognition paradigm moot.

From a security risk point of view, someone attempting to crack the password simply by brute force paired with luck could break into a user’s account, because the number of face pictures is limited. Also, a variety of methods could be used to monitor the user’s choices when logging in and so compromise the integrity of the account, especially since the number of faces to remember has to be kept low enough for the user to remember them easily. With these concerns, a facial recognition system would probably work best paired with other forms of authentication in a multi-factor authentication system.
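To put rough numbers on the guessing and observation concerns above, here is an added example (not part of the original post, and not Passfaces' own code). It assumes three login rounds, one per Passface, each showing a grid of nine faces with the same decoys on every login; the grid size, lockout thresholds and function names are assumptions.

```python
from fractions import Fraction
from math import log2


def guess_space(rounds: int, grid_size: int) -> int:
    """Distinct login sequences: one face picked from each grid, per round."""
    if rounds < 0 or grid_size < 1:
        raise ValueError("rounds must be >= 0 and grid_size >= 1")
    return grid_size ** rounds


def equivalent_bits(rounds: int, grid_size: int) -> float:
    """Guessing entropy in bits if every face is equally likely to be chosen."""
    return log2(guess_space(rounds, grid_size))


def success_probability(rounds, grid_size, attempts, observed_rounds=0):
    """Chance of a correct login within `attempts` distinct guesses.

    observed_rounds counts the rounds whose correct face is already known
    to an onlooker (assumption: decoys do not change between logins).
    """
    if not 0 <= observed_rounds <= rounds:
        raise ValueError("observed_rounds must be between 0 and rounds")
    remaining = guess_space(rounds - observed_rounds, grid_size)
    return min(Fraction(attempts, remaining), Fraction(1))


def max_attempts_for_risk(rounds, grid_size, risk):
    """Largest lockout threshold keeping blind-guess success <= risk."""
    return int(Fraction(risk) * guess_space(rounds, grid_size))


if __name__ == "__main__":
    ROUNDS, GRID = 3, 9  # assumed demo parameters, see lead-in
    print("sequences:", guess_space(ROUNDS, GRID))
    print("bits: %.2f" % equivalent_bits(ROUNDS, GRID))
    print("4-digit PIN sequences:", guess_space(4, 10))
    for seen in range(ROUNDS + 1):
        p = success_probability(ROUNDS, GRID, attempts=3, observed_rounds=seen)
        print(f"faces observed={seen}: P(success in 3 tries) = {p}")
    print("lockout threshold for <=1% risk:",
          max_attempts_for_risk(ROUNDS, GRID, Fraction(1, 100)))
```

Under these assumptions the scheme offers fewer combinations than a four-digit PIN, and each observed face shrinks the remaining space by a factor of nine, which is why a low lockout threshold and a second factor matter.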

Sine Cera,
Jeremy Heng.

"Quis custodiet ipsos custodes?"

Hands-On Project 8.1 Sources
