New technique authenticates passwords via lip reading
Tue 14 Mar 2017
A new password verification technique expected to be adopted for financial transactions in the near future exploits the way our lips form the passwords that we choose, whilst providing a language-agnostic security platform.
The innovation comes out of the Hong Kong Baptist University’s Department of Computer Science, which has developed the ‘lip motion password’ (LMP) as a semi-biometric solution to the increasingly acknowledged Mexican stand-off between the need for password complexity and rigorous policies, and the need for passwords which the user can remember and rely on.
Developed by Professor Cheung Yiu-ming, the LMP provides authentication context to passwords, potentially radically reducing the need that they observe the rules (uppercase, lowercase, non-alphabetic characters, and so forth) that often frustrate users. Lip topology is read via built-in cameras in smartphones or other devices, and correlated to registered password wave-forms, so that congruence is expected between the correct phonic password and the way that the user’s lips sound it out.
The underlying research for the technique employed not only a study of the way lip-shape changes during the formation of words, but also texture – though presumably chapped lips would not render a password invalid.
The method addresses the growing problem of password recycling, adding a crucial biometric element that is, apparently, impossible to simulate.
According to the research, the dynamic characteristics of lip movement is highly resistant to mimicry, and also reduces the problem of background noise – often an obstacle in using speech recognition as a biometric barrier.
Concentrating on the mouth area as a biometric factor – particularly with the involvement of shape recognition as the lips deform – addresses also the difficulties of using face recognition as a bare biometric passport, and guards against the more easily duplicable methods of fingerprint recognition.
The lip-reading technique also has the advantage of storing a password as a waveform sound, obviating the frequent difficulties which can occur in attempting to incorporate various text-language encodings (such as ANSI and UTF-8) into passwords, opening up the possibility for omnilingual passwords which are unbreakable – even if they are as guessable as the evergreen ‘password1’.