LAS VEGAS—Can selfies have an actual redeeming value after all? Yes, according to one company that is championing new technology in which the selfie replaces user names and passcodes for online security, including at financial institutions.
At the Consumer Electronics Show (CES) numerous companies are displaying technologies that would replace the much-disliked and often-breached systems dependent upon user names and passwords.
Among them is Hoyos Labs, which is not just marketing a solution it calls “1U,” it said the technology will be in place at several financial institutions this year. The biometric solution uses periocular, iris and facial recognition to authenticate a user. Initially used in conjunction with a user-name and password, the solution eventually dispenses with those and requires only that the user have a camera-enabled smartphone that allows them to shoot a picture of their own face, or selfie.
Scammers can not use a “picture” of someone; the system is designed to require a “live” face.
Importantly, an individual’s webcam on a laptop or desktop is not used, as it may be compromised. According to Hoyos Labs, it works this way: Immediately following installation, the user will be guided through the Biometric enrollment. The user will be asked to provide an e-mail address to which a confirmation will be sent as well as instructions on creating a client certificate and a two-way SSL connection between the mobile phone and the 1U backend server.
The app has five components that allow users to:
- Enroll their biometrics.
- Add their favorite websites to the pre-built site list.
- Sync their mobile and desktop.
- Use their biometrics to log into these sites either on their mobile or desktop.
- Configure multiple machines to log in from their mobile device.
Hoyos Labs noted the average online user has at least five usernames and passwords that are either too complex to remember, or so easy they are easily breached. It further noted that several of the major retailer breaches have been caused when just one person’s credentials were compromised.
The new selfie solution is available for both Androids and iPhones. The company told media outlets that it is working with a number of “major” banks.