RealFaces: An Intriguing Way To Authenticate
RealFaces (http://www.realuser.com) is actually surprisingly cool. I began
writing a point by point rebuttal to the effectiveness of their technology,
until I finally decided to take a few minutes to try it out.
I’m impressed. Their documentation (what little there is) is positively
awful from a technical point of view; you can practically taste the various
layers of refinement in their design. They tested this stuff a lot, and
obviously went back to the drawing board at least a few times. What’s
interesting is that your password isn’t just one face of nine, it’s all nine
faces acting in concert to remind you which specific one you’re supposed to
remember. The faces are probably computer generated using face amalgamation
mechanisms, considering they possess a surprising degree of explicit
diversity–there’s always one and only one person who’s black, who has a
specific curve in their hair, who has “extra bright teeth”, and so on.
From an entropic point of view, five rounds of 1/9 selection without any
apparent ability to test passwords round by round (a failure in round 2
still offers the opportunity to try rounds three through five, and the
server rather than the client does the authentication) gives a little under
sixteen bits of entropy–59K possible passwords. Their ActiveX control
doesn’t function under Opera, and might not under Netscape, which limits its
deployability.
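As an added illustration (my own model, not code from the post or from RealUser), the two properties the paragraph above leans on: the server checks all five rounds as one unit and reveals no per-round result, which is what keeps the search space at 9^5, and the key face's position in each grid is chosen by the server at random. The names ROUNDS, GRID, entropy_bits, build_grid and verify are mine; the 5-round, 9-face figures come from the post.

```python
import hmac
import math
import secrets

ROUNDS = 5   # five challenge grids per login, as described in the post
GRID = 9     # one key face plus eight decoy faces per grid


def entropy_bits(rounds: int = ROUNDS, grid: int = GRID,
                 per_round_feedback: bool = False) -> float:
    """Bits of work for an online guesser.

    all-or-nothing check : grid**rounds combinations, log2(9**5) ~ 15.85
    per-round feedback   : each round can be guessed on its own, so the
                           effective space collapses to rounds*grid
                           guesses, log2(45) ~ 5.49
    """
    space = rounds * grid if per_round_feedback else grid ** rounds
    return math.log2(space)


def build_grid(key_face: str, decoys: list[str]) -> list[str]:
    """Server-side grid assembly for one round.

    The key face is inserted at a position drawn from the OS CSPRNG, so
    transmission order carries no information about which face is the
    key (the 'correct face downloaded first' weakness the post raises).
    """
    if len(decoys) != GRID - 1:
        raise ValueError(f"expected {GRID - 1} decoys, got {len(decoys)}")
    faces = list(decoys)
    faces.insert(secrets.randbelow(GRID), key_face)
    return faces


def verify(submitted: list[str], expected: list[str]) -> bool:
    """All-or-nothing server-side check over the whole five-round answer.

    Returns a single boolean; nothing indicates which round was wrong,
    which is the property that keeps the search space at GRID**ROUNDS.
    """
    if len(submitted) != ROUNDS or len(expected) != ROUNDS:
        return False
    return hmac.compare_digest("|".join(submitted).encode(),
                               "|".join(expected).encode())
```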
Their biggest issue is that it’s likely more difficult to remember large
sets of passfaces–remember, the advantage that you *can’t* write them down
is also a heck of a disadvantage if you have multiple sets of
authenticating material. RealUser’s solution is to have all public sites
centrally authenticate through it, which of course generates a single point
of failure–remember when PassPort (Hotmail’s central authentication server)
lost its DNS, and half of Microsoft’s sites no longer worked? Imagine if
nobody could log in…anywhere.
Overall, it’s pretty interesting technology. There are conceivably weaknesses
if they’re using only certain faces as “key faces”, if repeated properties
always rule out a few of the people, or if the “correct face” is always
downloaded first by the client. But those are implementation flaws. The
core technological flaws–from inadequate differentiation between option
faces to the fact that random “peers” would eventually differentiate
themselves from a static keyface–have been addressed nicely. The one thing
I’m particularly concerned about is cultural bias…but dealing with that
problem is actually amazingly harder than you’d think.
I can see why Dyson invested. The technology isn’t perfect, but it
is…interesting. Much, much more compelling than I expected it to be.