This Software Never Forgets a Face
If you’re smart, you use a complex password for every secure website you log in to. If you’re human, you’re sick and tired of having to remember complex passwords for every secure website you log in to. SensibleVision promises a better solution in the form of software that logs you in practically the instant it recognizes your mug. I’ve been using a beta version of the program on a Windows laptop, an iPad, and an Android smartphone, and have been very impressed so far.
If you’ve been following the epic fail of Android 4.1’s Face Unlock feature, you’re probably snickering. Jelly Bean had barely emerged from Google’s labs when people figured out that Face Unlock could be fooled by a simple photograph of the user’s face. Google quickly tweaked Face Unlock so that you had to blink to prove you were human, but that didn’t provide much of an obstacle, either. So what makes FastAccess any more secure than Face Unlock?
For starters, FastAccess offers two-factor authentication: Choose this option, and in addition to enrolling your face, you’ll also preregister either a connect-the-dots gesture or a symbol (such as a snowflake, puzzle piece, butterfly, and so on); both elements will be required to log in. So even if hackers successfully trick the facial-recognition algorithm using a photo or video—a feat I couldn't accomplish with this software, by the way—they’d also need to know your secret gesture or symbol before they could pose as you. These elements pop up in random areas of the screen, to prevent finger smudges from giving them away.
Secondly, SensibleVision maintains that FastAccess doesn’t simply enroll your face the first time you use it, but that it learns new elements of your features each time you use it. The software tracks approximately 400 to 1000 points and contours of a person’s face, including the eyes, nose, and mouth. Hairstyle and eye, skin, and hair color are not taken into account, since the user might change these features (and the camera could induce color shifts).
FastAccess can use facial recognition to unlock your Windows desktop or laptop computer (provided it’s equipped with a webcam, of course), but it can’t do this on a Mac because Apple forbids third-party developers from implementing such measures; the same goes for iOS devices. SensibleVision plans to add an unlock feature to FastAccess for Android, but the company doesn’t recommend locking mobile devices. And when you hear the reason why, it makes perfect sense.
“A computer is accessed less frequently and is used for longer periods of time than a phone or tablet,” explains SensibleVision senior project manager Darin Beery. “Locking a computer is entirely appropriate. A phone is accessed much more often, typically for very brief periods of time—often measured in mere seconds—and often for tasks which require no security. Forcing the user to authenticate to play a game, check the weather, or navigate their car is unnecessary and creates frustration; which typically leads to no security at all.”
FastAccess can also track users while they’re using a device and quickly switch between authorized users. I established one profile for myself, and a second for my wife on the same iPad. When I handed the iPad over to her, FastAccess immediately recognized her face and prompted her to choose her security symbol.
On my Windows PC, I was able to configure FastAccess to automatically lock the computer when I walked away from it, and it would recognize my face and unlock the computer in less than two seconds when I moved back in front of the computer’s webcam. While you might not need that level of security at home, it could be a boon to businesses with high security needs or medical practices that must comply with strict governmental privacy regulations, such as HIPAA (the Health Insurance Portability and Accountability Act of 1996).
As I mentioned earlier, FastAccess is even more useful when it comes to logging in to secure websites, such as online banking, online shopping, and webmail. The first time you visit such a site after installing the software, it will ask if you want it to remember your login credentials. If you do, the next time you visit the site, FastAccess will pop up, examine your face using the device’s camera, and—provided it recognizes you—prompt you to enact your preset gesture or choose your preselected symbol. If both factors are recognized, it will log you into the site without your having to type in your credentials.
In my experience, this routinely happened more quickly than I could have typed them in; more importantly, it allowed me to create extremely complex passwords that I never needed to memorize. And if you access these sites using multiple devices, FastAccess will automatically download this information to each device on which the software is installed.
In order for all this to work, you’ll need to set up an account on SensibleVision’s servers, where all your login credentials and passwords will be stored. After the security lapses at sites such as LinkedIn, Sony, and Yahoo, we should all be wary about storing such sensitive information in the cloud. SensibleVision, with a background in enterprise data security, uses 256-bit AES keys to secure each user’s credentials while they’re stored and while they’re in transit.
But the company goes one step further: Rather than encrypting an entire database of user accounts by employing a single master key, SensibleVision encrypts each individual account using a unique and independent key. If hackers ever manage to break into one user’s account, only that user would be affected—the rest of the database would remain secure. “This effectively removes an incentive hackers have to attack the database in the first place,” says Beers. “The effort required is quite high while the payoff is quite low.”
The downside to using a unique encryption key for each user is that you won’t be able to recover your SensibleVision account credentials from the cloud. If you forget your password, you’ll need to create an entirely new account. To avoid the hassle of reloading each individual login ID and password into your new account, the company will encourage users to create a password-protected backup, so that if you ever need to do this, you can simply upload the information all at once.
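To make the per-account design and its no-recovery trade-off concrete, here is an added example (not SensibleVision's code and not part of the original article). It assumes each account's 256-bit AES key is derived from that user's password with scrypt and a random salt, which the article does not confirm; all function names and sample data are constructed for illustration.

```javascript
// Added example: one AES-256-GCM key per account instead of one master key.
// Assumption: the key is derived from the user's password (scrypt + salt).
const nodeCrypto = require("crypto");

// Derive a 256-bit key that is unique to one account via its random salt.
function deriveAccountKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Encrypt one account's logins; the server stores only salt, iv, tag and ct.
function sealVault(password, logins) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveAccountKey(password, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(logins), "utf8"), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ct };
}

// Decrypt a record with a raw key; returns null when the key does not match.
function openWithKey(key, rec) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, rec.iv);
  decipher.setAuthTag(rec.tag);
  try {
    const pt = Buffer.concat([decipher.update(rec.ct), decipher.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch (err) {
    return null; // GCM authentication failed: wrong key for this record
  }
}

// Normal login path: re-derive the key from the password and the stored salt.
function openVault(password, rec) {
  return openWithKey(deriveAccountKey(password, rec.salt), rec);
}

// Constructed sample database: two accounts, each sealed under its own key.
function demo() {
  const db = {
    alice: sealVault("alice-constructed-pw", [{ site: "bank.example", pw: "x9!Tq" }]),
    bob: sealVault("bob-constructed-pw", [{ site: "mail.example", pw: "Lm#42z" }]),
  };
  const leakedKey = deriveAccountKey("alice-constructed-pw", db.alice.salt);
  return {
    aliceOpened: openWithKey(leakedKey, db.alice) !== null,
    bobOpenedWithAliceKey: openWithKey(leakedKey, db.bob) !== null,
    forgottenPassword: openVault("wrong-guess", db.alice),
  };
}
```

In `demo()`, the key leaked from one account fails the authentication check on the other account's record, and a wrong password yields nothing the server could use to recover the vault.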
Availability (Updated 3/4/2013)
FastAccess Anywhere for Android devices is available at Google Play for free, and FastAccess for Apple's iPad, iPhone, and iPod touch is available at iTunes for free. To use the free apps, you must purchase an annual subscription to FastAccess Anywhere for Windows at $24.99 per year to establish your cloud account.