E-commerce behemothic Alibaba Group, and its affiliated online payment service AliPay, presented their prototype of using facial recognition instead of passwords for authentication. But with cyber theft becoming more and more mutual, users may be wary of having their personal images stored on centralized servers that are vulnerable to set on.

'Selfie' Payments

Alibaba founder Jack Ma compared the simplicity of this engineering for purchasing stuff with taking selfie and demonstrated this technology in the CeBit conference in Hanover, Deutschland concluding week.

Jack Ma says:

"Online payment to purchase things is always a big headache. You lot forget your password, you worry well-nigh your security. Today we show you a new technology."

Ma besides appear that the service volition be available to the public by 2022 and that they have been testing this method from a security standpoint.

Authentication methods galore

User verification typically tin exist done by something that user knows (Passphrases and Passwords) or something that the user has (Token) or something that the user is (Biometric). Biometric authentication similar fingerprints for instance is common amid users and is used in many different authentication schemes. Other types of biometrics such equally retinal scanning and facial recognitions practise exist, but are not as commonly used.

The real reason why biometric verification methods similar facial recognition have not caught on yet is essentially due to their loftier price and security concerns. Despite the futuristic entreatment and potential to speed up online payments, this method of authentication presents significant security risks.

Facial recognition when the user actually scans their physical face and not an image of someone else's. In physical cases a safeguard can monitor and verify this to avoid fraud. Even so, the digital world offers means to get around this security barrier. For example, as 3D printers and micro- manufacturing technology get more and more than common, printing a 3D image of a person'south face should not be also difficult by 2022.

"So the question becomes: is AliPay sacrificing the security for fanfare and "convenience"?

Yep. In fact, other companies take as well been seeking similar solution but none and so far accept been close to this kind of easy-to-use payment authentication where you can basically login past grinning to your phone.

Other interesting methods proposed to distinguish a person from an prototype include the monitoring of user'south blinks through video authentication. Yet, some hackers accept already adult ways to circumvent this by making dynamic images instead of static ones.

Decentralized security

But regardless of the biometrics used, we tin can see that the authentication method relies on unmarried server that verifies a person by distinguishing the real data paradigm from a simulated. This single server or single point of failure may therefore be an attractive target for hackers.

Meanwhile, blockchain technology in a decentralized network have better security solutions than a centralized entity such every bit AliBaba's servers, which have proven to be vulnerable putting millions of users at risk. Instead of having a centralized system of servers, which can fail, decentralized solutions can have multiple points and determination makers that achieve a consensus and agreement beyond the network.

For case, instead of Alibaba'south "dumb" servers in this case, we can provide a decentralized hallmark method where a user can be confirmed by all of the other users who verify the given digital image in return for financial incentive akin to how "mining" is done on the Bitcoin network. This is likewise similar to having the physical safeguard making sure that no one is trying to cheat.

Conclusion

Ultimately, engineering volition reach a point when we can but login by smiling equally AliBaba is promising. Still, rather than AliBaba attempts to brand this arrangement secure using a centralized server, one should consider using a decentralized network for this verification process to compare which method would be the most reliable under various conditions.

Nosotros will before long realize that the crux of the problem is not innovative biometric hallmark or other cutting edge engineering science, but rather it is the traditional centralized architecture that handles sensitive information, presenting a single point of failure to would-be hackers. We take been witnessing the inevitable consequences of these centralized data storage for quite some time, then perhaps the moment is now ripe to consider some promising alternatives like the blockchain and distributed data storage.