Facial Profiling

Forget your password again? This system turns the problem about-face.

THE Internet can make many aspects of life easier, such as managing inventory, safety compliance, and worker's compensation claims; but the prospect of remembering more passwords isn't one of them.

Tom Hagan, executive vice president and CIO of ParadigmHealth Inc., a New Jersey-based health care management company that provides online information access to both patients and physicians, said his company has been forced to deal with the task of increasing security of online data while easing access to its users. "Millions of people are accessing personal health records and you need to put very strong authentication in front of those applications." But with anything involving e-commerce and consumers, the challenge is having very high security requirements, he added.

The large number of online users increases the probability that alpha/numeric passwords will be forgotten or misplaced when needed. This possibility requires ParadigmHealth to invest countless time and money in a support hotline and other backup options that provide customer support. These added costs are ultimately passed on to customers. "It becomes very difficult to support. When people forget their passwords, they need a place to call," Hagan said.

Left-Brain Thinking
The answer for ParadigmHealth came in the form of the Maryland-based Passfaces Corp. Using the brain's unique ability to recognize faces, a trait it is believed humans evolved in order to separate friend from foe, the passfaces™ software replaces traditional alpha/numeric passwords with a set of three to seven faces, each separately placed within a grid of nine faces, similar to the arrangement that began every episode of "The Brady Bunch" television show. Users identify the correct face in each series of screens in order to gain access. But how can one be certain that a person will recognize up to seven faces easier than remembering one password?

Research conducted by Professor Hadyn Ellis at the University of Wales Cardiff's School of Psychology has indicated that the left side of the brain has a special component whose sole function is to recognize faces. This innate ability allows infants to recognize their mother after only two days and adults to know within twenty-thousandths of a second when they have seen a familiar face.

Patricia Lareau, Passfaces vice president of product development, compares remembering alpha/numeric passwords versus passfaces to early school days when students hoped their test was multiple choice rather than fill-in-the-blank. "You remember when you were back in school, someone would ask you a question and you had to fill in the blank; that's a kind of a cued recall, and we hated those kinds of tests," she said. "And then there's recognition, where you would be given choices, and you'd recognize one of them. Recognition is by far the strongest form of memory and, because there's a part of the brain that focuses on faces, the recognition of faces is even more special."

Increased Security, Increased Ease
Hagan noted that other than easing the memorization process, the technology heightens security access by eliminating the ability to write down a password, give it to another person, or guess it. "If you make a password highly memorable, it becomes less secure. Passfaces works in the exact opposite way; it drives up security but makes it a lot easier to remember," he said, emphasizing that he particularly liked how the system prevents clients from passing access information to others. "You can't say, 'Oh, it's the person that looks like this and the person that looks like that.'"

Other steps have been taken to help the users make permanent associations with their selected passfaces. All faces are smiling because people are more likely to recognize a definite expression rather than a neutral look, and people prefer happy faces to sad or menacing ones. Another important factor is context. Adults tend to more easily recognize people whom they perceive as important to them. The importances of a user's passfaces are implied because they will always be used in the context of gaining access to a secure Web site or system. Also, the eight other decoys grouped with each passface will never change. This reinforces Semantic Priming, which occurs when the user's brain forms relationships with the correct passface and its decoys. If a user insists on a traditional alpha/numeric password, passfaces can be combined with one as part of a dual form of authentication.

Lareau said Passfaces' greatest strength is in its universal fit for Web-access applications. For example, if a company wants to restrict online access of employee information or access to online MSDSs for a particular plant thousands of miles away, rather than carrying a long list of passwords for each application, users would only need to remember one set of passfaces. As an example, Lareau mentioned one client company that allowed an employee to use passfaces instead of its traditional access items. Now, three years later, 95 percent of the client's employees use passfaces instead, and none have forgotten them.

Passfaces also has possibilities for applications beyond Web-access. Lareau cited the example of one client company that considered using passfaces with its fleet of forklifts. "It was more so they could have access right on the forklift," she said. "Workers would use passfaces to access their databases for the location of stuff in their warehouse."

One drawback to passfaces technology involves the affected few that can't use it. Researchers differ greatly on the subject of prosopagnosia, or face-blindness, with the most extreme group believing that to some degree it affects as much two percent of the population. Yet, even this large estimate pales in comparison to the five percent of the population that suffer from dyscalculia, a sort of "number blindness." Some research suggests prosopagnosia is genetically inherited, while other research shows that it can occur as the result of suffering severe head trauma. Regardless of the cause or the extent of its proliferation, those affected are unable to recognize faces, even those of family members or their own. To work around this disorder, victims learn to identify acquaintances through other means, such as the sound of a person's voice or laugh, or a person's gait. In this instance, those affected would be forced to use traditional password methods or rely on a trusted colleague or family member when securing important information.

As industry continues to integrate with an increasingly wireless Internet, the need for a method to access these applications that is secure, easy to remember, and easy to use will grow. Passfaces is positioned, quite literally, to face these requirements head-on. "Internet access to Web applications has been the number one place for passfaces," said Lareau. "Regardless of what particular application it is, whether it's financial services or a health care portal like ParadigmHealth is doing, anyplace where you have multiple people coming from multiple places to access data, passfaces is a perfect authenticator."

This column appeared in the September 2006 issue of Occupational Health & Safety.

This article originally appeared in the September 2006 issue of Occupational Health & Safety.

Download Center

HTML - No Current Item Deck
  • Safety Management Software - Free Demo

    IndustrySafe Safety Software’s comprehensive suite of modules help organizations to record and manage incidents, inspections, hazards, behavior based safety observations, and much more. Improve safety with an easy to use tool for tracking, notifying and reporting on key safety data.

  • Create Flexible Safety Dashboards

    IndustrySafe’s Dashboard Module allows organizations allows you to easily create and view safety KPIs to help you make informed business decisions. Our best of breed default indicators can also save you valuable time and effort in monitoring safety metrics.

  • Get the Ultimate Guide to OSHA Recordkeeping

    OSHA’s Form 300A posting deadline is February 1! Are you prepared? To help answer your key recordkeeping questions, IndustrySafe put together this guide with critical compliance information.

  • The 4 Stages of an Incident Investigation

    So, your workplace has just experienced an incident resulting in the injury or illness of a worker. Now what? OSHA recommends that you conduct investigations of workplace incidents using a four-step system.

  • Why Is Near Miss Reporting Important?

    A near miss is an accident that's waiting to happen. Learn how to investigate these close calls and prevent more serious incidents from occurring in the future.

  • Industry Safe
comments powered by Disqus

Free Whitepaper

Stand Your Ground: A Guide to Slip Resistance in Industrial Safety Footwear

This white paper helps to clarify this complexity, so you can better navigate the standards and better ensure the safety of your employees.

Download Now →

OH&S Digital Edition

  • OHS Magazine Digital Edition - November December 2019

    November/December 2019


      Redefining Compliance for the Gas Detection Buyer
      Don't Trip Over the Basics
      What to Look for in Head-to-Toe PPE Solutions
      Effective PPE for Flammable Dust
    View This Issue