4

The first time I forgot to take my mask off before using the facial recognition login to my Windows 10 computer, it wouldn't work (which I expected). After a couple times, though, it started logging me in before I had a chance to take my mask off. Is it a security issue that the facial recognition can recognize me with a mask? If, say, one of my brothers who look very similar to me (not that I have issues with them accessing my computer, but someone else might look sufficiently alike) were to put on a mask and wear my glasses, would the facial recognition know the difference?

I'd be interested to hear what exactly Windows Hello takes into account when scanning your face, that might help me know whether whatever is hidden by the mask is important to its algorithms. All that I can think of that's out of my mask are my eyes... Can it recognize me only from that? How accurately?

Benjamin Hollon
  • 143
  • 1
  • 5
  • 1
    Just checking, are you sure your Hello uses facial recognition, rather than checking your retina? Some Windows Hello devices have cameras capable of retina scan (contrary to the movies, this doesn't require a visible red line panning over your eyes) and that would obviously not be blocked by a mask. – CBHacking Aug 07 '20 at 06:21
  • Good question. It calls it "face sign-in," how do I know what it's using? It describes it as "recognizing your face" but that might include retina scanning. (If it helps, I have the Surface Laptop, 1st generation) – Benjamin Hollon Aug 07 '20 at 06:51
  • 3
    Are you aware that Windows Hello uses IR, not a visual? – schroeder Aug 07 '20 at 07:23
  • Okay, that solves the problem, then. Thanks so much, y'all! – Benjamin Hollon Aug 07 '20 at 08:18
  • 1
    @CBHacking - I think you are confusing retina scan with **iris** scan. Iris scan can be quite secure and works with a camera. Retna scan is a laser and rather scary, I've never encountered a retina scan in real life. – user10216038 Aug 07 '20 at 17:57
  • 1
    Note that your brothers getting in may be possible regardless of whether or not it has learned to recognize you despite a mask. My 12 year old son is able to unlock my wife's iPhone via facial recognition. Facial recognition is still (IMO) in the early phases of development and is often fooled by family members - there are many reports of it. – Conor Mancone Aug 07 '20 at 19:04
  • @user10216038 Whoops, yep, my bad. Knew it was part of the eye, forgot which. – CBHacking Aug 09 '20 at 00:24

1 Answers1

3

Any kind of biometrics (actually any measurement), including facial recognition, is subject to False Positives and False Negatives . In practice the algorithms are tweaked to favor one over the other as a function of context.

A super secure Alien Autopsy Lab at area 51 would favor False Negatives as the preference is to block even a few people who are authorized rather than take the chance of admitting uncleared people.

A general purpose user access system like Windows Hello favors False Positives because with a huge number of users (many millions), blocking out a significant percentage of valid users would be a firestorm of complaints.

I'm not sure of exactly what criteria Windows Hello uses, but it's almost assuredly very weak criteria.

As for IR, that's near infrared in the 1 micron region, i.e. barely redder than red. It's not capable of peering through a mask.

-- addendum --

Microsoft has some very specific statistics on these rates, but they are too specific to be reliable. Actual testing of facial recogniton systems vary widely, specifically they vary with Race and Gender so a single statistic is questionable.

user10216038
  • 7,552
  • 2
  • 16
  • 19