Scientists from the Hong Kong Baptist University (HKBU) have developed a new user authentication system that relies on reading lip motions while the user speaks a password out loud.
The technology is a mixture of traditional authentication solutions with the new wave of biometrics-based solutions.
The new authentication scheme, dubbed "lip password" works by training a machine learning algorithm to recognize lip shape, texture, and motion for each user, while he speaks a password to a camera.
Compared to classic and biometrics-based authentication systems, the lip password has many advantages.
First of all, the lip password can be changed, something that users can't do with other biometrics solutions, such as fingerprints, iris scans, and facial features. Once leaked, these biometrics authentication systems are compromised forever. On the other hand, if a lip password leaks online, the user only needs to update his password.
This way, the lip password mechanism maintains the uniqueness of biometrics authentication, with the versatility of classic password-based authentication systems that allow users to change passwords at will, or when compromised.
Second, lip passwords are resistant to mimicry. No matter how hard someone tries to replicate the password, he'll need to match the lip shape and motion at the same time. Even better, if lip passwords are used together with facial recognition software, then they can be almost impossible to crack, as the lip motion would have to come from the same face every time.
Third, lip passwords don't rely on speech recognition, meaning they can be used in noisy environments.
Fourth, lip passwords don't rely on proximity, meaning a user can provide a lip password while he gets out of his car, and the door will be unlocked while he reaches his house.
Last but not least, lip passwords have no language boundaries, and users can utilize any language or even made-up words.
The lip password technology received a US patent in 2015, and scientists expect it to be deployed in the financial sector first.
Examples include the authorization of payments from mobile devices, authorization of ATM transactions, or internally at banks to approve transactions of larger values.