Security Encyclopedia

Face Authentication

Face Authentication is a technology that enables people to access online services, physical settings, and other resources using images of their face.

Face authentication, also called face/facial recognition, relies on mobile and other devices’ native sensing technology. Some third-party biometric algorithms, however, are deployed as software that leverages device cameras for this purpose. Liveness detection, in which the user is prompted to nod, smile, or otherwise move during authentication or continuously during the session, is often added as a further security layer.

Some face authentication solutions are architected in a decentralized model using FIDO standards that ensure a consumer’s or employee’s face template is secured on the user’s mobile device. Here, a user’s face scan is verified locally against that user’s own stored template, a token is sent to the service provider, and access is granted. The biometric itself is not stored at the service provider (true secret).

Other face authentication solutions are architected in a legacy centralized scheme in which user templates are stored at the service provider, and matching is done against a library of all other users’ biometrics (shared secret). These systems are commonplace in criminal justice, international border crossings, and national security settings.
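
The decentralized flow described above, as an added Node.js example (not code from this page or from any vendor): the face match happens on the device and only unlocks a signing key, while the service provider holds a public key and no biometric. The function names, the toy embedding matcher, its threshold and the choice of Ed25519 are assumptions; this is a simplified model, not the FIDO/WebAuthn wire protocol.

```javascript
// Added illustration: simplified model of a decentralized face-authentication flow.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const MATCH_THRESHOLD = 0.5; // assumed distance threshold for the toy matcher

// Euclidean distance between two toy "face embeddings" (constructed vectors).
function distance(a, b) {
  return Math.sqrt(a.reduce((sum, v, i) => sum + (v - b[i]) ** 2, 0));
}

// Device side: the template and the private key stay inside this closure.
function enrollDevice(template) {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const device = {
    // Signs the server's challenge only if the live sample matches locally.
    authenticate(sample, challenge) {
      if (distance(sample, template) > MATCH_THRESHOLD) return null;
      return sign(null, challenge, privateKey);
    },
  };
  return { device, publicKey };
}

// Service-provider side: one public key per user, no biometric data.
function createServer() {
  const users = new Map();
  const pending = new Map();
  return {
    register(userId, publicKey) {
      users.set(userId, { publicKey: publicKey.export({ type: 'spki', format: 'pem' }) });
    },
    newChallenge(userId) {
      const challenge = randomBytes(32); // fresh per attempt
      pending.set(userId, challenge);
      return challenge;
    },
    verifyAssertion(userId, signature) {
      const challenge = pending.get(userId);
      pending.delete(userId); // a challenge is accepted at most once
      const user = users.get(userId);
      if (!challenge || !user || !signature) return false;
      return verify(null, challenge, user.publicKey, signature);
    },
    storedRecord: (userId) => users.get(userId),
  };
}
```

A breach of the `users` map in this model exposes public keys only, whereas the centralized scheme would keep every user's template in that store.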

Example:

“Some airlines and retail establishments are using face authentication to deliver people a faster, more personal experience. Before opting into these services, it’s a good practice to ask the airline or store where the biometrics are stored.”