
Passfaces: Strong authentication for the masses

Last year, Google began experimenting with hardware-based schemes for user-authentication, while Apple added two factor authentication to iCloud and Apple ID users. They began sending a verification code to users via a mobile number registered in advance.

Security pundits know that two factor authentication is more secure than simple passwords. As a refresher, “Factors” are typically described like this:

  • Something that you know (a password — or even better, a formula)
  • Something that you have (Secure ID token or code sent to cell phone)
  • Something that you are (a biometric: fingerprint, voice, face, etc.)

The Google project may be just another method of factor #2. In fact, because it is small (easily misplaced or stolen), it simplifies but does not improve on security. I suggest a radical and reliable method of authentication. It’s not new and it’s not my idea…

Back in 1999, Hugh Davies (no relation to Ellery) was awarded a patent on a novel form of access and authentication. It capitalizes on the human ability to quickly pick a familiar face out of a crowd. Just as with passwords, it uses something that you know to log in, purchase, or access a secure service. But unlike passwords, the “combination” changes with every use, and yet the user needn’t learn anything new.

Hoping to commercialize the technique, Davies joined another Brit, Paul Barrett, and formed Passfaces (originally, Real User Corporation). Incidentally, it is quite difficult to research Passfaces and its history. Web searches for “face recognition”, “access”, “authentication” and “patent” yield results for a more recent development in which a smart phone recognizes the face of authorized users, rather than users recognizing familiar faces. (Google, Samsung and Apple are all beginning to use face recognition on mobile devices). In fact, the Passfaces method is quicker, uses fewer resources and is far more reliable.

I have long been disappointed and surprised that the technique has never caught on. It is a terrific method with few drawbacks. Used alone, it is better than other methods of 1 or 2 factor authentication. Add a second factor and it is remarkably secure and robust.

How it Works:

When accessing or authenticating (for example, logging into a corporate VPN or completing a credit card purchase), you are presented with a tiled screen of individual faces. I prefer a big 15×5 grid = 75 images, but Passfaces uses sequential screens of just 9 faces arranged like the number pad on an ATM.

Just click on a few familiar faces. That’s all! Oddly, Passfaces discourages the use of known faces. Their research, with which I respectfully disagree, suggests that users should train themselves to recognize a few faces from the company’s stock library. In my preferred embodiment, users upload a dozen photos of people they know at a glance—preferably, people that they knew in the past: A 3rd grade music teacher, a childhood friend who moved away, the face on an oil painting that hung in the basement until Dad tossed it in the fireplace. Now, add the boss who fired you from your first job, the prom queen who dumped you for a football jock, and that very odd doorman who stood in front of a hotel in your neighborhood for 20 years. Photos of various quality and resolution, but all scaled to fit the grid. Some are black & white, perhaps scanned from an old yearbook.

Using my preferred example of 75 faces, suppose that 5 or 6 of the images are from your personal shoe box of old photos. The rest are randomly inserted from all over the internet. How long would it take you to click on 3 of the 5 or 6 familiar faces in front of you? (Remember: They are old acquaintances. Even a spouse would have difficulty picking out 3 faces from your early life—as they looked back then). Surprise! You will click them instantly, especially on a touch screen. You won’t need even a second to study the collage. They jump off the screen because your brain perceives a familiar face very differently and faster than anything else.

Of course, the photo array is mixed in different ways for each authentication and it incorporates different friends from your original upload. In fact, if a user sees the same faces in the next few transactions, it is a red flag. Someone has spied on the process, perhaps with a local camera or screen logger. In legitimate use, the same faces are not recycled for many days and are never shown together on the same screen.
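An added example (not from the original post or from Passfaces): a sketch of the challenge step described above, using the author's 75-face grid, 5 familiar faces and 3 clicks. The 7-day cooldown, the function names and the face ids are assumptions made for illustration.

```python
import secrets
from math import comb

GRID_SIZE = 75        # the article's preferred 15x5 grid
FAMILIAR_SHOWN = 5    # familiar faces mixed into each grid (article: 5 or 6)
CLICKS_REQUIRED = 3   # familiar faces the user must click
COOLDOWN_DAYS = 7     # assumed value for "not recycled for many days"

_rng = secrets.SystemRandom()  # CSPRNG, so layouts cannot be predicted


def blind_guess_probability(grid=GRID_SIZE, familiar=FAMILIAR_SHOWN,
                            clicks=CLICKS_REQUIRED):
    """Chance that `clicks` distinct random picks all land on familiar faces."""
    return comb(familiar, clicks) / comb(grid, clicks)


def build_challenge(user_faces, decoy_pool, last_shown, today):
    """Return (grid, familiar_set); records today's faces in last_shown.

    last_shown maps face id -> day number on which it last appeared.
    """
    rested = [f for f in user_faces
              if f not in last_shown
              or today - last_shown[f] >= COOLDOWN_DAYS]
    if len(rested) < FAMILIAR_SHOWN:
        raise RuntimeError("not enough rested faces for a fresh challenge")
    familiar = _rng.sample(rested, FAMILIAR_SHOWN)
    decoys = _rng.sample(decoy_pool, GRID_SIZE - FAMILIAR_SHOWN)
    grid = familiar + decoys
    _rng.shuffle(grid)                 # new layout for every authentication
    for face in familiar:
        last_shown[face] = today       # start the cooldown for these faces
    return grid, set(familiar)


def verify(clicked, familiar):
    """Accept exactly CLICKS_REQUIRED distinct clicks, all on familiar faces."""
    picks = set(clicked)
    return (len(clicked) == CLICKS_REQUIRED
            and len(picks) == CLICKS_REQUIRED
            and picks <= familiar)


def challenges_before_exhaustion(n_uploaded, today=0):
    """How many challenges a pool of n_uploaded photos serves in one cooldown."""
    user = [f"user-{i}" for i in range(n_uploaded)]   # constructed sample ids
    decoys = [f"decoy-{i}" for i in range(500)]       # constructed sample ids
    seen, count = {}, 0
    while True:
        try:
            build_challenge(user, decoys, seen, today)
        except RuntimeError:
            return count
        count += 1


if __name__ == "__main__":
    print("blind guess, 5 familiar:", blind_guess_probability())
    print("blind guess, 6 familiar:", blind_guess_probability(familiar=6))
    print("challenges from a dozen photos:", challenges_before_exhaustion(12))
```

Under these assumptions a blind guess succeeds about once in 6,752 attempts, so attempt limiting still matters, and a dozen uploaded photos cover only two challenges per cooldown window.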

Facebook uses a variant of this technique when their servers sense your attempt to login from new equipment or from another part of the country. They show you individuals that you have friended, but that were uploaded and tagged by other users. If you cannot identify a few of your own friends, especially the ones with which you have frequent social contact, then it’s likely that your login attempt deserves more scrutiny.

I don’t know why Passfaces or something like it has failed to catch fire. Perhaps the inventor refuses to license the method at reasonable cost or perhaps he cannot find a visionary VC or angel consortium to more aggressively promote it. If I had invented and patented facial-array authentication, I would attempt to market the patent for a short time focusing on very large network companies like Microsoft, Google, Cisco or Akamai. If I could not license or sell the patent quickly, I would hesitate to go it alone. (I have tried that route too many times). Instead, I would place it in the public domain and profit by being the first, and most skilled practitioner at deployment. I would train and certify others and consult to organizations that use or commercialize the technology.

I used this approach in promoting my own patent which describes an economic barrier to spam (after failing to exploit the invention with my own company). Later, I started with this approach in my research on Blind Signaling and Response and on Reverse Distributed Data Clouds. I recognized that rapid adoption of transformative technology, like facial grid authentication, can be thwarted by defensive IP practice.

« Branching somewhat off topic, a developmental biologist at Imperial College in London, has published a proof that Saira Mohan has the world’s most beautiful face, irrespective of the observer’s race. That’s Saira at left. Her mother is French/Irish and her father is Hindoo.

__________
Philip Raymond is Co-Chair of The Cryptocurrency Standards Association [crypsa.org] and
chief editor at AWildDuck.com. He consults to cloud storage vendors in areas of security,
privacy & network architecture, but has no ties to Passfaces or the authentication community.

Major bank admits bitcoin could destroy banks, brokers & exchanges

July 9 update:
3 days after posting, Visa acknowledged that Bitcoin has a future in payments. This is an understatement, of course. The bank described below goes a step further by acknowledging that the entire financial infrastructure may cave to cryptocurrencies.

French bank BNP Paribas warned customers and investors that the technology behind bitcoin might one day overtake conventional, account-based financial institutions, thus rendering existing companies redundant (that’s British for “obsolete”).* It’s a tectonic acknowledgement from one of the world’s biggest banks.

Analyst Johann Palychata writes in the company’s magazine Quintessence that Bitcoin’s blockchain, the underlying architecture that allows cryptocurrency to function, “should be considered as an invention like the steam or combustion engine,” that has the potential to transform the world of finance and beyond.

Check out the full story by Oscar Williams-Grut at Business Insider.

* Although Bitcoin will obsolete the current service mix of financial institutions, it is my opinion that for savvy governments and established businesses, it represents a long term opportunity rather than a threat. —PR

__________
Philip Raymond is Co-Chair of The Cryptocurrency Standards
Association [crypsa.org] and chief editor at AWildDuck.com

Bitcoin Adoption: Series of reactions

What is Bitcoin?

Sure—You know the history. As it spread from the geeky crypto community, Bitcoin sparked investor frenzy. Its “value” was driven by the confidence of early adopters that they hitched a ride on an early train, rather than commercial adoption. But, just like those zealous investors, you realize that it may ultimately reduce the costs of online commerce, if and when it becomes widely accepted.

But what is Bitcoin, really? To what class of instruments does it belong?

• Ardent detractors see a sham: A pyramid scheme with no durable value; a house of cards waiting to tumble. This is the position of J.D, an IRS auditor who consults to The Cryptocurrency Standards Association. As devil’s advocate, he keeps us grounded.

• This week, MasterCard was only slightly less dour. They claim that the distributed nature of Bitcoin will ultimately cause it to unravel. They want us to believe in the necessity of a trusted authority as broker/guarantor/arbiter. I get it! After all, the block chain is a serious threat to the legacy model for moving money.

• Many people recognize that it can be a useful transaction medium—similar to a prepaid gift card, but with a few added kicks: Decentralized, low cost and private.

• Or is it an equity asset, traded by a community of speculative investors, and subject to bubble psychology? If so, do the wild swings in its exchange rate diminish its potential to be used as a payment mechanism?

• Full-fledged enthusiasts say that Bitcoin has the potential to be a full-fledged currency with a “real value” that floats based on supply and demand. Can something that lacks intrinsic value or the backing of a bank or government replace national currency?

Regardless of your opinion about Bitcoin, it does one thing that few pundits dispute: Sure, the exchange value fluctuates—but for those who don’t plan to retain holdings as an asset, it reduces transaction costs to nearly zero. This characteristic, alone, is a dramatic breakthrough.

Peering Into the Future?

Removing friction is certainly what it is all about. As a transaction medium, Bitcoin achieves this, but so does any debit instrument, or any account in which a buyer has retained house “credit”.

Currently, there is a high bar to get money exchanged into and out of Bitcoin. It’s a mess: costly, time consuming and a big hassle. Seriously! Have you tried using an exchange? Even the most trusted one (Coinbase of San Francisco) makes it incredibly difficult to get money in and out of BTC, prior to establishing your account, identity and banking history. Fortunately, this situation is gradually improving.

Where Bitcoin really shines (or more accurately, when it will shine), occurs at the time when more vendors choose to leave revenues in BTC, pending their own purchases from suppliers, shareholder payouts, or simply as retained savings.

When this happens, all sorts of good things will follow…

• A growing fraction of sellers leave their bitcoin in their wallets, realizing that they will need to spend it for their own labor and materials.

• Gradually, wild exchange-rate gyrations diminish—not because fewer people are exchanging money, but because the Bitcoin supply/demand value is driven more by actual commerce than it is by speculation.

• Sellers begin pricing merchandise in Bitcoin rather than national currencies—because they are less anxious to exchange out of BTC immediately after each sale.

When sellers begin letting a fraction of bitcoin revenues ride—and as they begin pricing goods and services in BTC—a phenomenon will follow. I call it the tipping point…

• If goods and services are priced in BTC, then everyone involved saves money and engages in transactions more efficiently.

• If goods and services are priced in BTC, then the public will begin to perceive exchange rate volatility as a changing dollar rather than a changing bitcoin.*

• If buyers also begin to save their BTC (i.e. they do not worry about immediately moving it back to national currency), it means that Bitcoin is being perceived as a stored value—not just an exchange chit. That may seem to be a subtle footnote, but the ramifications are earth shaking. That earthquake is the world gradually moving away from centralized treasury-issued bank notes and toward a unified and currency that we can all trust.

People, everywhere, will one day place their trust in a far more robust and trustworthy mechanism than paper promissory notes printed by regional governments. A brilliantly crafted mechanism that is fully distributed, p2p, transaction verified (yet private), has a capped supply and is secure.

What Then?

O.K. So we believe that Bitcoin is the future of money and not just a replacement for credit cards. But what does this really mean? Can the series of cause-and-effect be extrapolated beyond widespread user adoption? Absolutely! …

Adoption of Bitcoin as a stored value (that means as a currency) leads to the gradual realization among governments that Bitcoin is not a threat to sovereignty nor even to tax policy. Instead it presents unbounded opportunity: The opportunity to stabilize markets, eliminate inflation, reduce costs and restore public trust. In short, Bitcoin will ultimately level the playing field, revive entire economies, transform the role of government, and save consumers and businesses billions of dollars each year.

Did I mention that Bitcoin is the future of commerce and a very possible successor to legacy currencies? Aristotle must be smiling.

* We tend to think of the dollar as more ‘real’ than Bitcoin. It is not! It has only one advantage. At the end of the day, taxpayers must settle their debts in the currency demanded of their nation. But as Bitcoin adoption gains traction—even if only as a transmitting medium—fiat currencies will gradually become marginalized as play money. That’s because they are susceptible to inflation, politics and manipulation. Bitcoin is held to a higher standard. It is governed by pure math. Despite high-profile news of the day, Bitcoin will even become more resistant to loss and theft than dollars, once tools and practices become well established.

Uncle Sam can lease the US Treasury building to pay off debt brought about by inflation

Philip Raymond is Co-Chair of The Cryptocurrency Standards Association. He advises banks on new
age currency. Raymond was master of ceremonies and 1st speaker at The Bitcoin Event in New York.

Related:

Exponential Finance: Financial Advice In the Age of AI and Long Life — By Jason Dorrier SingularityHub

Ric Edelman is one of the top financial advisors in the US. His firm, Edelman Financial Services, has 41 offices across the country. And he thinks, all things constant, most financial advisors as we’ve known them won’t be around much longer.

At Exponential Finance, Edelman said, “I firmly believe that in the next ten years, half of all the financial advisors in this country will be gone.”

The Arctic’s Internet Is So Expensive That People Mail the Web on USB Drives — Via Motherboard

“Canada’s domestic digital divide, with the North as its epicenter, has been a point of growing concern over the last several years. Much of the internet in the northernmost regions of the country is still beamed down by satellites, but a plan to link Europe and Asia with fiber optic cable via Nunavut is currently being negotiated by a Toronto-based company called Arctic Fibre.”


Bitcoin Alternative DNotes Focuses On Banking Solutions And Stability While Venture Capital Investment Continues At Record Breaking Pace

Quoted: “DNotes can best be characterized, as a second generation Bitcoin alternative digital currency. It objectively studied Bitcoin’s strengths and weaknesses as well as threats and opportunities. DNotes was created on February 18, 2014 with an objective to meet the full functions of fiat currency as a unit of account, store of value and medium of exchange within three years. It decided to take a very different path since day one in building a trustworthy stable digital currency with reliable long term appreciation.

Central to DNotes long term strategic plan is the creation of highly scalable building blocks, as the foundation of its own ecosystem. Those strategic building blocks include CryptoMoms; a currency neutral site dedicated to encourage women participation, DNotesVault; a free secure storage for DNotes’ stakeholders with 100% deposit guarantee with verifiable funds, and CRISPs; a family of Cryptocurrency Investment Savings Plans for everyone worldwide. The core mission of CRISP is to make the savings opportunity available to everyone; from the unborn to the most senior; from the unbanked to the super rich. The opportunity for anyone to participate irrespective of financial standing, coupled with combined charity efforts will bring about much needed financial freedom for millions worldwide.”

Read more here > http://www.pressreleaserocket.net/bitcoin-alternative-dnotes…ce/109719/

Could Abra be Bitcoin’s “Killer App”?

Quoted: “At the event, CEO Bill Barhydt said: “Our mission with Abra is to turn every smartphone into a teller that processes withdrawals. This is not just another bitcoin app. The wallet is a full-fledged digital asset management system, and you don’t have to understand it.”

Use of the application is straightforward and relies on a network of people around the world who act as tellers, charging small fees to help people transfer money abroad. A user can deposit funds into his or her account using a debit card or by meeting up with a teller in person and handing them cash. Then those funds can be instantly — the power of Bitcoin — transferred anywhere in the world. The person receiving the money has only to find a teller, show that he or she is the recipient of the funds, and exchange the digital cash (denominated in USD) back for their local currency.”

Read the article here > https://bitcoinmagazine.com/19490/abra-announced-launch-fest…d-bitcoin/

Platforms, not products, are the way to bring financial services to the poor

Leo Mirani — Quartz

In recent years, the banking and finance industries have not done a lot to earn the trust of consumers in the West. But in poor countries, basic financial services can be transformative.

Even in today’s wired world, many people still stash cash under the mattress, where inflation erodes it away. When they want to send money, they have to find a way to physically transport it. Loans are doled out in bundles or envelopes from moneylenders, at exorbitant rates. Emergencies or unforeseen circumstances can drive a family into penury.

The financial services these people need may come via mobile banking, as Bill and Melinda Gates wrote recently in their annual letter. Basic banking services—from simple payments and transfers to insurance, savings, and loans—are now possible on the simplest of mobile phones, as Quartz has reported.

Bitcoin’s Unique Features Lighten Up its Ambiguous Future


The recently concluded Bitcoin & the Blockchain Summit in San Francisco on January 27 came up as a vivid source of both anxiety and inspiration. As speakers tackled Bitcoin’s technological limits and possible drawbacks that can be caused by impending regulations, Bitcoin advocate Andreas Antonopoulos lifted up everyone’s hope by discussing how bitcoins will eventually survive and flourish. He managed to do so with no graphics or presentations to prove his claim, just his utmost confidence and conviction that it really will no matter what.

On the currency being weak

There have been statements about Bitcoin’s technology surviving, but not the currency itself. Antonopoulos, however, argues that Bitcoin’s technology, network, and currency are interdependent with each other, which means that one element won’t work without the other. He said: “A consensus network that bases its value on the currency does not work without the currency.”

On why Bitcoin works

Antonopoulos underscores the fact that Bitcoin works because it is a dumb, transaction-processing network. Calling Bitcoin dumb is far from disparaging Bitcoin’s image as he actually thinks of this dumbness as Bitcoin’s true source of strength. According to him, it is a dumb network that supports smart devices, pushing all of the intelligence to the edge. It’s an innovation without permission.

On being 2014’s worst investment

Antonopoulos also argues that those who believe bitcoins to be a bad investment consider only the price, when there are other equally important factors to look at, such as continuous investments and technological innovations.

For instance, 500 startups were created in 2014, which generated $500 million worth of investments and produced thousands of jobs, some portion from Bitcoin gambling. This was also the year that two remarkably genuine technologies were created, the multi-sig and hierarchical deterministic (HD) wallets.

On waiting for Bitcoin to flourish in 2017

Antonopoulos then stated with unwavering certainty: “Give us two years. Now what happens when you throw 500 companies and 10,000 developers at the problem? Give (it) two years and you will see some pretty amazing things in bitcoin.”

On mining updates

Meanwhile, mining for bitcoins proves to be more challenging than before. A Bitcoin mining facility in China, for instance, generates 4,050 bitcoins every month, which is equivalent to around $1.5 million, but not without repercussions and complexities. The entrepreneurs in the mining facility realize that as the level of difficulty and computing power increase, the ratio also gradually changes.

Typically, the entire mining procedure utilizes about 1,250 kilowatt-hours of electricity, putting the factory’s electricity bill at about $80,000 every month. Nowadays, their miners produce 20–25 bitcoins a day, significantly fewer than the 100 bitcoins per day they previously mined.

On leaving a thought

The confidence for Bitcoin’s bright future has been regained, thanks to Antonopoulos’ contagious exhilaration and resolute belief in its potential. However, we can only wonder what the increasing difficulties in mining for bitcoins entail to the cryptocurrency’s overall performance and future, though Bitcoin’s unique features have been proven to be strong and resilient enough to surpass any challenges.