Some promising results from a very brief experiment with Windows 10 facial recognition login. Read the story, I’ll have comments at the end.
The face recognition process involves a RealSense camera made by Intel, which sits embedded above the display. Three cameras — featuring an infra-red lens, a regular lens and a 3-D lens — use photographic analysis, heat detection and depth detection to decide who is at your computer display.
Personally I found face recognition worked a treat. The Lenovo Thinkpad Yoga 14 we used quickly identified who I was among several account holders, and in a flash logged me in.
Microsoft Hello was eventually able to identify Abby and Libby Sukkel.
In fact, it worked too well. On a few occasions after I logged out, the laptop’s camera noticed I was lingering at the display and quickly logged me in again.
But would it work with identical twins? Could the Lenovo distinguish between the two, or would the camera let the second twin log into an account registered with their sibling’s face?
We approached the Australian Twin Registry to find siblings who might be prepared to collaborate in our experiment.
About 40,000 pairs of Australian twins are on the registry and make themselves available for health and medical research. We thought that a little digital research wouldn’t be a stretch.
If Hello were to fail the twins test, it would be a huge blow for Microsoft. One in 40 people is a twin, says ATR director John Hopper, and one-quarter to one-third of the pairs are identical. That’s 1 per cent of the population.
We worked with six sets of identical twins in Melbourne and Sydney. In each case, the procedure was the same. One twin would register a Windows account on the Lenovo Thinkpad and go through the face registration process. Users could enhance the camera’s accuracy by registering variations in appearance, such as wearing glasses.
The first twin would make sure the computer reliably identified them before the moment of truth arrived. Could the second twin trick the camera?
Annabelle and Miriam Jeffrey were among those who failed to fool the technology. “It could distinguish between us two quite easily,” Miriam Jeffrey says. “It’s a little surprising, I thought it would have failed, but no, it was really good, it was really quick.”
But there’s a chance for togetherness, should twins want it. The Jeffreys later registered a Windows account using both their faces, whereafter both were able to use the same face recognition login.
Sharon Tay initially could not get facial recognition to work but eventually succeeded. Her sister Nicole couldn’t log in at all.
In the case of George and Henry Blood, 13, the computer correctly logged in Henry but not his brother. It eventually identified our youngest twins, Abby and Libby Sukkel, 8, and instantly distinguished between teenagers Issie and Tash Secanski.
In the case of Isabelle and Natalie Brown, 11, Windows Hello was unable to log in either. That was the only instance where the system failed. In the end, there were some cases of Windows Hello taking its time to identify a twin, but no case of it wrongly granting access. That’s a win for Intel and Microsoft.
Microsoft says hackers cannot steal your biometric information. The heat-sensing IR camera doesn’t allow access to someone waving a photograph in front of the camera. The IR camera also increases reliability in cases where users wear cosmetics, have facial hair or there’s a variation in lighting conditions.
According to Microsoft, the biometric key is stored only on the device where facial recognition is established, and usable only with it. So a hacker would need to steal your computer to even attempt authentication.
Overall this is a very positive endorsement for the technology. I would have expected Microsoft and Intel to account for such an obvious use case as twins before releasing a security-related product, and it looks like they did.
I wouldn’t call the results of 6 tries “definitive,” though. It’s a great start. A real experiment would have many more sets of twins and triplets partaking. I’m sure that’s what Microsoft did.
However, who is going to trust Microsoft when it says “hackers cannot steal your biometric information” or “the biometric key is stored only on the device where facial recognition is established, and usable only with it. So a hacker would need to steal your computer to even attempt authentication.” Microsoft regularly has security holes patched in all of their software. Of course they also declared that Windows XP was the most secure operating system ever. Whoops.
I’d like to see more technical details on how the biometric key is created and stored. If the system really is secure, Microsoft wouldn’t have a problem disclosing that information. I’d also like to see experiments on how facial injuries might inhibit a user’s ability to log in. If I get an eye patch or a bandage to cover a forehead laceration, will that preclude me from logging in until I’m healed?
And of course let’s not forget about all the private data purposefully fed back to Microsoft for Windows 10 and now Windows 8 and even 7.
One more thing: This statement disturbed me – “In fact, it worked too well. On a few occasions after I logged out, the laptop’s camera noticed I was lingering at the display and quickly logged me in again.” I’m sure this can be fixed, but this is a gaping security hole.
I’m not signing up for it anytime soon. I think the technology needs some more time to mature.