Cell phone camera photo override password: secure-IT is not perfect information
According to foreign media reports, pictures has long been a symbol of narcissism and excessive share, now found a more serious purposes.
Enterprises and Government agencies--including a taxi service providers Uber, credit-card giant MasterCard, Alabama – require the Inland Revenue Department users and residents in the Smartphone from the photographs as proof of their identity. As smart phone camera quality improved, and facial recognition software becomes more affordable, digital future may involve less complex passwords and more pictures. But the pictures there is a drawback: some cybercrime experts are concerned that people can quickly upload their smiling faces, but the technology is rife with privacy and security issues.
"People see this technology and that it is automatically safe, but in the end it all comes down to math," global security consultants, make·gudeman, author of the book the future of crime (Marc Goodman), "said facial recognition in addition to exclude password management challenges, no security at all. ”
Facial recognition is part of the broader field of biometrics, mainly for security purposes in the field, analysis of human physical characteristics, including fingerprints, eyes and voice. The technology is designed to help combat fraud and making it more easy numbers to verify a person's identity.
Certification process often begins with an application, each time the application requires the user to do things on the Internet, such as online or submit their tax time to manage their photos. Thousands of facial measurement software uses photographs, such as the width of the nose, or the curve of the Chin, and convert them to a string that is used to create a unique identification code. Then, it compares the user has left on the file reference photos by pairing to verify the user's identity.
Facial recognition degree of accuracy is far from perfect. Shadow, dark, facial hair is likely to haunt the software. Alphabet picture of a Google developed its application last year, had two black men as "gorilla", which highlights the current defects of facial recognition technology. Google has apologised, and adjust algorithm to solve this problem.
Another drawback: as hackers become more sophisticated, they may find more valuable than passwords and biometric data permanently. And password, face or fingerprint cannot be easily changed.
In 2014 and 2015, hackers from the United States Office of personnel stealing 5.6 million federal employees ' fingerprints. The spokesman had said that "Federal experts say that hackers the ability to abuse the fingerprint data is limited, but with the development of technology, the possibilities will vary. ”
However, some companies are expanding self-based authentication procedures. Uber said last month, the company will be in the United States launched a safety camera feature--real-time identity checks (Real-Time ID Check). Uber Uber drivers before system, requires the use of a mobile phone photos, thereby further authentication, ensure a consistent Uber driver head and drove himself. This function uses the cognitive services technology of Microsoft, Uber has now started in the United States introduced this feature in some cities. This feature to some extent, can ensure the safety of passengers and drivers. Uber drivers need to take pictures through certification before beginning to form. Uber said that although the company's tests in the past few months there have been some mistakes, but this feature has been certified 99% drivers.
This month, MasterCard launched a called "Identity Check Mobile", encouraging users to online using a credit card through self certification. When the user makes a transaction, you will receive a message that opens the application, and requires the user to stare at the smart phone the number on the box. The app asks users to blink, so no photos of people unable to use the print to cheat the system. Has been launched in the European "Identity Check Mobile" project of MasterCard said 92% users participating in the test project, hoping to use the biometric techniques to alternative mobile banking login, enter the password.
United Kingdom Bank last month also launched a similar program, allowing users to use pictures to open an account. HSBC will hold a user's photos they upload photos on the driver's license or ID card.
Local governments are also considering using photos to verify identity. The end of the year, tax Department plans to use MorphoTrust of Alabama and Georgia USA application, to authenticated users submit rebate online. The application will take the user to upload pictures with the Department of motor vehicles databases than in the photos.
At the back of these, using facial-recognition software companies bear the responsibility of keeping data safe. Some companies, including MorphoTrust, stored in the user's biometric data
Applications, on the server instead of in the company. Some companies, like MasterCard, face early pictures are stored on the server. A MasterCard spokesman said, after the converted data, and encryption, and initial image will be deleted. MasterCard plans next year, allows users to store data on your mobile device.
The Electronic Frontier Foundation (Electronic Frontier Foundation) senior consultant Jennifer Chambers Lynch (Jennifer Lynch) warned that hackers have been staring at the bio-data, will be looking for ways to use these data. "Once such data are stolen, will face a huge risk," she said.
手机自拍照片替代密码:不完美的安全 - IT资讯
据外媒报道,自拍照长期以来一直被视为自恋和过度分享的象征,如今找到了一个更严肃的用途。
企业和政府机构--包括打车服务提供商Uber、信用卡巨头万事达卡、阿拉巴马州税务局--目前都要求用户和居民在智能手机上拍摄自拍照,作为他们的身份证明。随着智能手机摄像头质量的改进,以及面部识别软件变得更加实惠,数字未来可能涉及更少复杂的密码和更多的自拍照。但自拍照有一个缺点:一些网络犯罪专家担心,人们可能迅速的上传他们的笑脸,但该技术充斥着隐私和安全问题。
“人们看到这种技术并认为它是自动安全的,但最终这一切只归结到数学,”全球安全顾问、《未来犯罪》一书的作者马克·古德曼(Marc Goodman)说,“面部识别除了排除密码管理的挑战外,没什么安全性可言。”
面部识别是更广泛的生物特征识别领域的一部分,该领域主要出于安全目的,分析人类的物理特性,包括指纹、眼睛和声音。该技术旨在帮助打击欺诈,并使其更容易的数字验证某人的身份。
认证过程通常始于一款应用,该应用要求用户每次在网上做事,如网上购物或提交他们的税款时管理自己的照片。软件使用照片进行成千上万的面部测量,如鼻子的宽度或下巴的曲线,并将它们转换成字符串,用于创建一个唯一的标识码。然后,它会比较用户已在文件上留下的参考照片,通过配对来验证用户的身份。
面部识别技术的精确性还远未达到完美的程度。阴影、光线较暗、面部头发都可能会困扰软件。Alphabet旗下的谷歌开发的图片应用,去年就曾把两名黑人标注为“大猩猩”,这也凸显了面部识别技术当前的缺陷。谷歌已为此道歉,并通过调整算法了解决这一问题。
另一个缺点:随着黑客变得越来越狡猾,他们可能会发现生物识别数据比密码更有价值和永久性。与密码不同,脸或指纹不会轻易的发生变化。
2014年和2015年,黑客从美国人事办公室盗取了560万联邦雇员的指纹。该办公室发言人当时曾表示,“联邦专家认为,黑客目前滥用指纹数据的能力是有限的,但随着技术逐渐的发展,这种可能性也将会发生变化。”
不过,一些公司正在扩展基于自拍的身份验证程序。Uber在上月就表示,该公司将在美国推出安全自拍功能--实时身份检查(Real-Time ID Check)。Uber司机用Uber系统接单前,需要利用手机拍摄一张自拍照,借此来进一步验证身份,确保Uber司机头像与开车本人是否一致。该功能采用微软的认知服务技术,目前Uber已开始在美国一些城市推出这项功能。这项功能在一定程度上能确保乘客和司机的安全。Uber司机需要通过自拍照认证后才能开始接单。Uber表示,虽然该公司在过去几个月的测试出现了一些错误,但通过这一功能,已能够认证99%的司机。
万事达卡在本月推出了一款名为“Identity Check Mobile”的应用,鼓励用户在线使用信用卡时通过自拍进行认证。当用户进行交易时,会收到一条打开这款应用的短信,要求用户盯着智能手机上的数字框。该款应用会要求用户眨眼,因此没有人无法使用打印的照片来欺诈系统。已在欧洲推出“Identity Check Mobile”项目的万事达卡表示,92%参与测试项目的用户均表示,希望用这种生物识别技术来替代手机银行登录时需输入的密码。
英国汇丰银行在上月也推出了类似的项目,准许用户使用自拍照开设账户。汇丰银行会拿着用户的自拍照与他们上传的驾驶证或身份证照片进行比对。
地方政府同样也在考虑使用自拍照来验证身份。今年年底,阿拉巴马州和佐治亚州的税务部门都计划使用MorphoTrust USA开发的应用,来在线认证用户提交的退税。该应用将会把用户上传的自拍照与机动车部数据库中的照片进行比对。
在这些的背后,使用面部识别软件的公司承担了保持数据安全的责任。包括MorphoTrust在内的一些公司,都把用户的生物特征数据存储在
应用中,而不是存储在公司的服务器上。类似万事达卡在内的一些公司,都把初期的面部照片存储在服务器中。万事达卡发言人表示,在转换为数据和加密之后,初期的图像都会被删除。万事达卡计划在明年让用户在自己的移动设备中存储数据。
电子前沿基金会(Electronic Frontier Foundation)高级顾问詹妮弗·林奇(Jennifer Lynch)警告称,黑客一直盯着生物数据,会寻找使用这些数据的方式。“此类数据一旦被盗窃,将会面临巨大的风险,”她说。