Passwords suck, but lip-reading computers won’t save us

Read my lips: passwords stink, and you already know all the reasons why. And as part of the quest to replace (or at least strengthen) the act of typing in a traditional password, a computer scientist at Hong Kong Baptist University has proposed using lip movement.

The system works by analyzing the lip movement—and even lip shape and texture—of a person speaking a password to make sure he or she is authorized, according to the university. That way, even if the wrong person speaks the right password, access will still be denied. They call it a “lip password.”

“The same password spoken by two persons is different, and a learning system can distinguish them,” the lead researcher behind the technology, computer science professor Yiu-ming Cheung, said in a statement. And because the technology is focused on the person’s lip movement, it could theoretically be used with any language. (Pro tip: Saying your password out loud is generally not smart.)

But you might not want to practice mouthing off to your computer just yet. Anil Jain, a professor of computer science and engineering at Michigan State University and the head of the Biometrics Research Group there, is not impressed with the “lip password” idea, the concept for which has been around for a while.

One problem with using lip-reading as a password? “The lighting has to be very favorable,” Jain says.

Of course, a user’s lip movement is just one kind of biometric (others, of course, include fingerprints, facial identification, and iris scanning). “Biometrics is here to stay,” he says.

But users won’t embrace any biometric input method unless it actually works well, Jain points out. Apple’s TouchID interface is a great example of a user-friendly input. Built into the iPhone’s home button, that tech was a “game changer,” he says. And unlike facial recognition or lip movement, a fingerprint sensor works in the dark. (But good luck if your hands are damp.)

At the other end of the spectrum is the Myris eye scanner, which received poor reviews back in 2014.

Marios Savvides, who directs the CyLab Biometrics Center at Carnegie Mellon University, studies face and iris recognition; he says that at his lab, they can capture information about a person’s iris from nearly 40 feet away. He thinks that one good solution to computer login woes would be to use a strong authentication—using a metric like a fingerprint or iris scan—followed by softer monitoring by, for example, your webcam. So after logging in, you could rely on your webcam’s facial recognition capabilities to give you access every time you sat down at your computer—while locking the device to anyone else who tried to take your place.

“It’s actually learning that this is the face that I need to keep making sure is in front of me,” he says.

But no one has whipped up such a glorious combination of user-friendly, reliable biometric login systems as of yet. That’s why passwords, as annoying as they are, still remain so ubiquitous: as long as they’re typed in correctly, they always work—unlike a damp fingerprint on a home button or a buggy facial-recognition algorithm.

“People have been calling about the death of [the] password for many, many years,” Jain says with a chuckle, “but it hasn’t happened yet.”