Not All Face Recognition Solutions are Insecure

Sensible Vision, with nearly a million users, comments on the recent Black Hat presentation about hacking face recognition

COVERT, Mich.--( Vision, the leading supplier of face authentication systems, today responded to the “Your face is NOT your password” presentation made at the recent Black Hat Conference in Washington DC. The presentation, given by Nguyen Minh Duc and Bui Quang Minh of Vietnam-based Bach Khoa Internetwork Security (Bkis), documents the potential vulnerability of certain login face recognition solutions. Sensible Vision products were not part of this presentation.

Sensible Vision’s FastAccess™ face recognition software is currently in use by nearly one million users including security critical organizations such as hospitals, banks, and enterprise IT as well as on select Dell consumer laptops.

“By presenting their findings, Bkis has done consumers a great service by alerting them to a potential security vulnerability. At the same time, it is possible to provide face recognition solutions that address this vulnerability while maintaining the convenience and fun that face recognition offers. Especially for consumers, convenience is important as many people currently use little if any security to protect valuable data,” said George Brostoff, CEO of Sensible Vision.

Sensible Vision CTO Cyrus Azar added, “Early on in our development, we knew that it was important to address the photo-match/video replay issue in an easy to use, robust way that did not impact the user’s workflow. In addition to providing superior photo resistance, Face+Password is an innovation that addresses these goals. Our Enterprise products have had an enhanced version of Face+Password for years.”

All security solutions have weakness and vulnerabilities.

The Black Hat presentation states that face recognition “cannot wholly protect their users from being tampered.”

“All security methods, in fact, are susceptible to being bypassed with enough time and effort,” said Brostoff. “Passwords can be stolen, guessed or hacked by brute force, fingerprints can be lifted with a simple gummy bear, badges and access cards can be shared, lost or stolen. To minimize these weaknesses, most security experts recommend using a multi-factor security method.”

All Face Recognition Solutions are NOT the Same

Using Sensible Vision’s exclusive and patent-pending Continuous Adaptive Sensing (CAS) recognition routines, FastAccess is far more resistant to picture and video attacks than many other solutions. Even with advanced photo and video rejection technology, however, a successful attack is still possible. For environments where this type of sophisticated attack is deemed likely, FastAccess’ simple and easy-to-use Face+Password features eliminates photo/video access while maintaining the overall convenience of face recognition. Face+Password periodically requires both the user’s face and just a few characters of their password.

Empowering the user by publishing known possible vulnerabilities

Good security software publishes known vulnerabilities and provides solutions. In the case of FastAccess, Sensible Vision documents the likely conditions under which photo access may be possible in its product Help files and FAQs, along with specific recommended solutions such as the use of Face+Password when a photo/video attack is likely.

A level of security no other solution offers

“Systems running FastAccess are truly more secure both because of the increased difficulty in unauthorized login access and – more importantly – because it can automatically secure the desktop when the user is no longer in control of the machine,” said Azar. “This effectively prevents unauthorized access by someone simply walking up to an open computer. Unauthorized access to an unlocked machine is a very significant threat because it requires no effort, expertise or time.”

FastAccess Software

Enterprise versions of FastAccess are available directly from Sensible Vision and through its worldwide network of resellers and systems integrators. A consumer version is available on select Dell laptops. The FastAccess SDK is available for vendors to integrate face recognition directly into their applications.

About Sensible Vision

Headquartered in Covert, Michigan, Sensible Vision Inc. ( is the leading provider of continuous access control solutions for securing computers using facial recognition. Sensible Vision’s flagship product, FastAccess™ provides quick and continuous authentication and access control for computers and workstations. Using patent-pending biometric facial recognition, it speeds and simplifies access to the computer in a way that is economical and easy to deploy.

FastAccess is a trademark of Sensible Vision, Inc. All other names and trademarks referenced herein are the properties of their respective owners. 2/2009


Sensible Vision
Darin Beery, 269-932-4548 ext 106
Director Sales and Marketing