The ubiquity of facial-scanning software has led to the rise of ‘selfie authentication’. But is it a good way to onboard and authenticate users?
Facial recognition is here to stay. Airports are using SmartGate systems to verify who we are while the general smartphone user has their face scanned whenever they want to log into their device. This era of ‘selfie authentication’ may seem overly casual, but it’s a security solution that’s streamlining industries and protecting sensitive data.
But what about at an organisational level? We explore the pros and cons of using facial recognition to access secure locations and systems.
How selfie authentication works
Facial recognition is a relatively simple tool. When you register for access to a facility or enrol for a service, a reference video of your face is taken as well as a copy of a trusted, verified ID such as an ePassport. These are scanned and a map is taken that creates a digital representation of your face.
When you’re asked to authenticate to the system, an app prompts you to take a selfie which is checked against the stored digital representation. If there’s a match, within seconds you’re granted access. Anti-spoofing technologies (aka liveness detection), such as requiring you to blink or follow facial movement instructions, are becoming increasingly important to verify you are actually trying to access the system.
Is it reliable?
You need only look at the uptake of selfie authentication by big players such as banks and government organisations to realise that leaders back its reliability. Leading facial recognition technology has even proved to have a high level of accuracy when users are wearing surgical masks, which is increasingly common due to COVID-19. What’s more, with the proliferation of camera- and sensor-ready smartphones that enable selfie authentication, Juniper Research says there will be more than 1.3 billion devices capable of facial recognition by 2024. So it’s a technology that’s here for the long haul.
The pros of selfie authentication
The process for users is simple and doesn’t rely on specific scanners or readers. Once the enrollment process is complete, an app can be installed to the user’s smartphone. It’s similar to the Google and Microsoft Authenticator apps used for two-factor authentication (2FA), but can’t be faked by someone simply gaining access to the phone.
For busy organisations that employ large staff pools or have multiple offices locally and around the world, selfie authentication makes collaboration and connectivity much easier, especially with a robust bring-your-own-device (BYOD) policy in place. This means fewer resources required from the business side and more freedom for employees to work from home and access what they need wherever they are – so long as they have their device on them.
Besides simplifying and speeding up the authentication process for users, biometric authentication is far more secure than traditional forms of authentication such as passwords and PIN codes. This makes it ideal for high-risk activities such as financial transactions and accessing secure areas, or even in schools and universities to ensure the right student sits an exam.
But before authentication comes enrollment
Despite the clear advantages of facial recognition technology, authentication is only truly secure when there’s certainty the user is in fact who they say they are. Robust identity establishment must therefore be the first step in any identity strategy.
For many organisations, selfie enrollment is also viable. Users can follow a quick onboarding process whereby facial image and other data is verified against a government-issued identity document – all performed remotely via a user’s own device. Organisations with higher security risks, however, should employ stricter onboarding with a dedicated party overseeing the process. Users might still get to enjoy the streamlined capabilities of selfie authentication, but the enterprise is able to protect itself by having a dedicated operator who ensures the enrollment process is done correctly in the first place, by the correct users and using the appropriate levels of identity documentation.
There’s no denying that selfie authentication is a streamlined solution that allows businesses to know who is opening the doors and logging into their systems. With smartphones now equipped with the required technology, your organisation can broadly and securely deploy a selfie authentication platform that’s easy to use and far more secure than 2FA or passwords. But to take advantage of these benefits, organisations must first know with certainty the identity of their users.
See how Daltrey allows for both selfie and managed enrollment and authentication here >