A new study from the University of York, published in the journal PeerJ, tries a new approach to a little bit of antiquated security. Many people use a secure PIN or pattern to lock their smartphones. But the study suggests that those methods are neither particularly secure nor particularly user-friendly. The fix? Faces.
The study’s two authors, David Garner and Rob Jenkins, theorize that a PIN or pattern unlocking system is inherently weak (not a new idea; we’ve seen solutions for this problem before). For one thing, it’s static: If someone can learn your four-digit PIN or your simple pattern, they have the key to your phone. (Because the PIN or pattern is the same every time.) The other problem is that you have to commit it to memory–unless you use the same PIN for your phone and for your ATM card, which is in itself a problem.
Their solution relies on the human mind’s ability to recognize familiar faces. We’re all familiar with, say, certain celebrities, even if those celebrities are not necessarily familiar to everyone else–up-and-coming athletes, niche actors, some bass player you always had a crush on. This concept forms the backbone of this system. The result of the study is a piece of software called Facelock (no relation to another Android/iPhone app of the same name) which asks you for the names of some of those people and then presents different photos of them, along with photos of strangers. To unlock your phone, you simply tap the face of the person who’s familiar.
This is a very difficult password to crack, the authors argue. It constantly changes, and you get different pictures of the person with whom you’re familiar (and the strangers) each time you unlock your phone. So a thief or hacker can’t simply memorize a code to get in. The study even allowed would-be attackers to watch someone using Facelock, but once the pictures changed, the attackers had no success breaking in. Wonderfully, you don’t have to memorize anything–recognizing faces is a powerful instinctual reaction.
Facelock isn’t available publicly, but it’s very clever–we wouldn’t be surprised to see it implemented by a smartphone maker in the future.