Inspiration
Online facial authentication is tricky, considering the ability of anybody with a Facebook account to pull a picture of your face at any time. We wanted to take a stab at a scheme that is resistant to these types of attacks without resorting to transferring video over the network.
What it does
P-Auth allows users to authenticate based on eye movements using the face recognition API of Project Oxford. Users first register by training a face with a single picture. They can then log in by sending two pictures of their face that differ only through pupil movement in a random direction as dictated by the server.
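The server-side half of the challenge described above, as an added example (not P-Auth's own code). It assumes each picture has already been reduced to a landmark dictionary using Face API-style names (`pupilLeft`, `eyeLeftOuter`, `eyeLeftInner`, and the `Right` equivalents) with pixel `x`/`y` values; the thresholds, lifetime and function names are hypothetical.

```python
import secrets
import time

# Directions are in image coordinates: x grows right, y grows down.
DIRECTIONS = {"left": (-1, 0), "right": (1, 0), "up": (0, -1), "down": (0, 1)}
TTL_SECONDS = 30      # assumed challenge lifetime
MIN_SHIFT = 0.10      # assumed: pupil must move at least 10% of eye width
MAX_HEAD_MOVE = 0.15  # assumed: eye corners may drift at most 15% of eye width
_pending = {}         # challenge id -> (direction, expiry time)

def issue_challenge(now=None):
    """Pick an unpredictable direction and remember it for a single use."""
    now = time.time() if now is None else now
    cid = secrets.token_urlsafe(16)
    direction = secrets.choice(sorted(DIRECTIONS))
    _pending[cid] = (direction, now + TTL_SECONDS)
    return cid, direction

def _eye(lm, side):
    """Return (corner midpoint, eye width, pupil position) for one eye."""
    o, i, p = lm[f"eye{side}Outer"], lm[f"eye{side}Inner"], lm[f"pupil{side}"]
    mid = ((o["x"] + i["x"]) / 2, (o["y"] + i["y"]) / 2)
    return mid, abs(o["x"] - i["x"]), (p["x"], p["y"])

def verify(cid, before, after, now=None):
    """True only if both pupils moved as challenged while the head stayed put."""
    now = time.time() if now is None else now
    direction, expiry = _pending.pop(cid, (None, 0))  # pop: one attempt only
    if direction is None or now > expiry:
        return False
    ux, uy = DIRECTIONS[direction]
    for side in ("Left", "Right"):
        m0, w0, p0 = _eye(before, side)
        m1, w1, p1 = _eye(after, side)
        if w0 <= 0 or w1 <= 0:
            return False
        # The two pictures must differ only in the pupils, not head position.
        if max(abs(m1[0] - m0[0]), abs(m1[1] - m0[1])) / w0 > MAX_HEAD_MOVE:
            return False
        # Change in pupil offset within the eye, normalized by eye width.
        dx = (p1[0] - m1[0]) / w1 - (p0[0] - m0[0]) / w0
        dy = (p1[1] - m1[1]) / w1 - (p0[1] - m0[1]) / w0
        along = dx * ux + dy * uy        # movement in the challenged direction
        across = abs(dx * uy - dy * ux)  # movement perpendicular to it
        if along < MIN_SHIFT or across >= along:
            return False
    return True
```

Because the direction is drawn per login and the challenge is consumed on the first attempt, a previously captured pair of pictures only passes if it happens to match the new direction.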
Challenges we ran into
We originally wanted to authenticate based on head position, but unfortunately the Project Oxford API was unable both to determine pitch (as opposed to roll and yaw) and to distinguish between a rotated head and a rotated picture, defeating the purpose of facial authentication. So we resorted to using pictures of moving pupils to avoid this particular vulnerability.
Accomplishments that we're proud of
We are most proud of the snappy response time and overall usability.
What's next for P-Auth
As a big next step, we think we can further leverage the rich data provided by Project Oxford to create a "password face," which is held on the server and completely prevents the use of Photoshop.
