Facelock – a new type of password – Author Interview
What if we could use an authentication system that doesn’t require the user to remember a password? Rob Jenkins and his colleagues made this possible by creating a new type of authentication system based on face recognition. Their article ‘Facelock: Familiarity-based graphical authentication’ was published today.
This is a very interesting initial study which combines the cognitive science of face perception and the computer science of secure authentication, and so we invited Rob Jenkins, first author on the study to answer a few questions.
PJ: Can you tell us a bit about yourself?
RJ: I’m a cognitive scientist. I do experimental research on the basic building blocks of thinking, specifically perception and memory. Most of my research is on the topic of face perception, and how we identify each other from face images. This is my first publication with a computer scientist.
PJ: Can you briefly explain the research you published in PeerJ?
RJ: People forget passwords all the time. We wondered if we could design an authentication system that doesn’t require the user to remember anything, without resorting to biometrics. The psychology of face recognition suggests one way to do this. People can identify familiar faces across a wide range of images. But for unfamiliar faces, simple changes in viewpoint, lighting, and expression make it hard to tell who’s who. Because different people know different faces, we can exploit this familiarity contrast for authentication: if the user can recognize faces that only you know, then the user must be you. It’s a slightly different way of thinking about the problem, but it works.
PJ: Do you have any anecdotes about this research?
RJ: For us, it was a classic case of scientific serendipity. Karen Renaud came to see me about postgraduate administration. I knew that Karen was a computer scientist, but I didn’t know anything else about her. Once the admin was done, we got talking about Karen’s research on secure authentication, and my research on face recognition, and within about twenty minutes we had this idea sketched out. I don’t think either of us would have hit upon it alone. Jane McLachlan won a vacation scholarship to work on the project, and she did a really great job.
PJ: Why did you choose to reproduce the complete peer-review history of your article?
RJ: PeerJ has nailed its colors to the mast on openness and transparency. Having approached PeerJ as an outlet, it would seem odd not to follow the house style. It’s an interesting model.
PJ: What kinds of lessons do you hope the public takes away from the research?
RJ: Image recognition is not the same as face recognition. Unfamiliar face recognition is not the same as familiar face recognition.
PJ: Where do you hope to go from here?
RJ: We published the work to make it freely available to developers. We have shown that the concept is sound. Hopefully others can now build on it and refine the implementation. We would be happy to share our experience with anyone who plans to do this.
PJ: How did you first hear about PeerJ, and what persuaded you to submit to us?
RJ: I was reading a lot about open access around the time that PeerJ launched. I think I first read about the launch on Mike Taylor’s blog. He was among the very first PeerJ authors and he had only good things to say about the experience. I’ve been wanting to have a go ever since!
PJ: How was your overall experience with us? Anything surprising?
RJ: The whole process has been terrific. The standard is high, the service is professional, and the attention to detail is very impressive.
PJ: And how would you describe your experience of our submission/review process?
RJ: The submission process is the best I have encountered, bar none. A lot of thought has gone into its design, and that is absolutely evident to the user. I actually enjoyed the submission process, which is definitely a first. As for the review process, it was thorough and fast. The website advertises a median review time of 24 days. I got three reviews back in 25 days, which is extraordinary. It was clear that all three reviewers had taken the time to read the paper carefully and had properly understood it. Cursory, slow reviewing damages scientific publishing, so I was very pleased to see that PeerJ has got the review process right.
PJ: Would you submit again, and would you recommend that your colleagues submit?
RJ: Yes, absolutely.
PJ: In conclusion, how would you describe PeerJ in three words?
RJ: Prestigious, professional, fast.
PJ: Many thanks for your time!
RJ: Thank you!