Facial Profiling

Forget your password again? This system turns the problem about-face.

THE Internet can make many aspects of life easier, such as managing inventory, safety compliance, and worker's compensation claims; but the prospect of remembering more passwords isn't one of them.

Tom Hagan, executive vice president and CIO of ParadigmHealth Inc., a New Jersey-based health care management company that provides online information access to both patients and physicians, said his company has been forced to deal with the task of increasing security of online data while easing access to its users. "Millions of people are accessing personal health records and you need to put very strong authentication in front of those applications." But with anything involving e-commerce and consumers, the challenge is having very high security requirements, he added.

The large number of online users increases the probability that alpha/numeric passwords will be forgotten or misplaced when needed. This possibility requires ParadigmHealth to invest countless time and money in a support hotline and other backup options that provide customer support. These added costs are ultimately passed on to customers. "It becomes very difficult to support. When people forget their passwords, they need a place to call," Hagan said.

Left-Brain Thinking
The answer for ParadigmHealth came in the form of the Maryland-based Passfaces Corp. Using the brain's unique ability to recognize faces, a trait it is believed humans evolved in order to separate friend from foe, the passfaces™ software replaces traditional alpha/numeric passwords with a set of three to seven faces, each separately placed within a grid of nine faces, similar to the arrangement that began every episode of "The Brady Bunch" television show. Users identify the correct face in each series of screens in order to gain access. But how can one be certain that a person will recognize up to seven faces easier than remembering one password?

Research conducted by Professor Hadyn Ellis at the University of Wales Cardiff's School of Psychology has indicated that the left side of the brain has a special component whose sole function is to recognize faces. This innate ability allows infants to recognize their mother after only two days and adults to know within twenty-thousandths of a second when they have seen a familiar face.

Patricia Lareau, Passfaces vice president of product development, compares remembering alpha/numeric passwords versus passfaces to early school days when students hoped their test was multiple choice rather than fill-in-the-blank. "You remember when you were back in school, someone would ask you a question and you had to fill in the blank; that's a kind of a cued recall, and we hated those kinds of tests," she said. "And then there's recognition, where you would be given choices, and you'd recognize one of them. Recognition is by far the strongest form of memory and, because there's a part of the brain that focuses on faces, the recognition of faces is even more special."

Increased Security, Increased Ease
Hagan noted that other than easing the memorization process, the technology heightens security access by eliminating the ability to write down a password, give it to another person, or guess it. "If you make a password highly memorable, it becomes less secure. Passfaces works in the exact opposite way; it drives up security but makes it a lot easier to remember," he said, emphasizing that he particularly liked how the system prevents clients from passing access information to others. "You can't say, 'Oh, it's the person that looks like this and the person that looks like that.'"

Other steps have been taken to help the users make permanent associations with their selected passfaces. All faces are smiling because people are more likely to recognize a definite expression rather than a neutral look, and people prefer happy faces to sad or menacing ones. Another important factor is context. Adults tend to more easily recognize people whom they perceive as important to them. The importances of a user's passfaces are implied because they will always be used in the context of gaining access to a secure Web site or system. Also, the eight other decoys grouped with each passface will never change. This reinforces Semantic Priming, which occurs when the user's brain forms relationships with the correct passface and its decoys. If a user insists on a traditional alpha/numeric password, passfaces can be combined with one as part of a dual form of authentication.

Lareau said Passfaces' greatest strength is in its universal fit for Web-access applications. For example, if a company wants to restrict online access of employee information or access to online MSDSs for a particular plant thousands of miles away, rather than carrying a long list of passwords for each application, users would only need to remember one set of passfaces. As an example, Lareau mentioned one client company that allowed an employee to use passfaces instead of its traditional access items. Now, three years later, 95 percent of the client's employees use passfaces instead, and none have forgotten them.

Passfaces also has possibilities for applications beyond Web-access. Lareau cited the example of one client company that considered using passfaces with its fleet of forklifts. "It was more so they could have access right on the forklift," she said. "Workers would use passfaces to access their databases for the location of stuff in their warehouse."

One drawback to passfaces technology involves the affected few that can't use it. Researchers differ greatly on the subject of prosopagnosia, or face-blindness, with the most extreme group believing that to some degree it affects as much two percent of the population. Yet, even this large estimate pales in comparison to the five percent of the population that suffer from dyscalculia, a sort of "number blindness." Some research suggests prosopagnosia is genetically inherited, while other research shows that it can occur as the result of suffering severe head trauma. Regardless of the cause or the extent of its proliferation, those affected are unable to recognize faces, even those of family members or their own. To work around this disorder, victims learn to identify acquaintances through other means, such as the sound of a person's voice or laugh, or a person's gait. In this instance, those affected would be forced to use traditional password methods or rely on a trusted colleague or family member when securing important information.

As industry continues to integrate with an increasingly wireless Internet, the need for a method to access these applications that is secure, easy to remember, and easy to use will grow. Passfaces is positioned, quite literally, to face these requirements head-on. "Internet access to Web applications has been the number one place for passfaces," said Lareau. "Regardless of what particular application it is, whether it's financial services or a health care portal like ParadigmHealth is doing, anyplace where you have multiple people coming from multiple places to access data, passfaces is a perfect authenticator."

This column appeared in the September 2006 issue of Occupational Health & Safety.

This article originally appeared in the September 2006 issue of Occupational Health & Safety.

Download Center

OH&S Digital Edition

  • OHS Magazine Digital Edition - June 2021

    June 2021


      High-Visibility 101: Everything You Need to Know
      Seven Tips for How to Choose and Use SRLs
      How to Keep Employees Safe in 2021
      The Heat is Coming - Keep Your Cool Indoors and Out
    View This Issue