The "unlock via face recognition" feature looks cool. But I guess someone can just take a picture of your face and show the picture to the phone to unlock it. Oh well, it seemed cool for a few minutes :)
When I saw them unveil Face Unlock, and then have the demo fail on stage, I immediately wondered why they were even bothering with such a gimmicky feature... and your 'photo imposter' scenario is realer than most people believe [1].
[1] PDF: Paper by Nguyen Minh Duc and Bui Quang Minh from Bach Khoa Internetwork Security Center/Hanoi University of Technology
Security vulnerabilities aside, I just don't see people gravitating towards this.
Pick up phone, hold it out at arm's length in front of you. Hold it real still. Now wait. Bloop bleep boop now it's unlocked!
Compare with:
Pick up phone, swipe your unlock gesture. Hurray!
For something the user is doing constantly, many times, every single... I just don't see why anyone would pick the more uselessly time-consuming (and more effort required) option.
I think it could be useful if the camera has a zero shutter lag as it is in the nexus. A scenario coming to my mind is maybe hands-free interaction with voice commands while driving. Anyway, it don't think locking a phone has a security connotation here, but it is a way to avoid any accidental launch of application/typing.
Lock the phone and carefully look at the screen from a few different angles. Chances are that you can clearly make out the greasy trail of the unlock pattern. I switched back to a PIN code when I noticed this.
It's a step above a pattern/PIN lock; with a minimum drop in convenience. No smudge trails left on the screen, can't be easily guessed, and you have to know who the owner is before you can unlock it. Not as secure as, say, a fingerprint scanner, but it's also easy to implement on existing devices.
i think the parent was talking about the security implications of having your unlock pattern show up on the screen. it's entirely possible to not touch the screen enough after unlocking to wipe out your pattern.
No feature is perfect. This still protects against data theft or prying eyes if you lose your phone, my primary concern.
Those finger-swipe locks that people seem to be so fond of on my University campus are less secure than decent facial recognition software IMO. Hypothetically I could find a phone left behind in the library and see their passcode pretty clearly in their finger smudges on the screen. Do you remember to wipe your screen clean every time?
Facial recognition will not deter someone who is deliberately targeting you, no. Maybe some combination of facial recognition AND numeric-passcode would be more suitable.
I am wondering how this works in low light situations..
Also i guess the "pattern to unlock" works faster, more reliable and is just as unsafe... Although it's easier to guess the finger "smears" on the display then getting hold of a picture of a phones owner..
One can still blame Google for choosing to use a flawed technology.
If they chose ROT13 for encrypting user data, would you say "It's a limitation/drawback of ROT13. I would not consider it as Google's fault to use it"?
