Online retail giant Amazon is proposing replacing passwords with selfies to improve security of web payment applications.
The American firm has filed a patent application for a technology that would require users to take two photos of themselves to prove their identity in online purchases.
“While many conventional approaches rely on password entry for user authentication, these passwords can be stolen or discovered by other persons who can impersonate the user for any of a variety of tasks," said Amazon's submission to the US Patent and Trademark Office, which has been filed in October but only recently published.
"Further, the entry of these passwords on portable devices is not user-friendly in many cases, as the small touchscreen or keyboard elements can be difficult to accurately select using a relatively large human finger, and can require the user to turn away from friends or co-workers when entering a password, which can be awkward or embarrassing in many situations."
The firm believes the selfie verification would not only be more convenient but also more secure as it wouldn’t force users to look for shortcuts to remembering passwords, which in turn makes them vulnerable to hackers.
"In order to avoid typing in long passwords in such situations, users often have their passwords stored on their devices or enable information to be stored elsewhere such that an activity can be performed without manually re-entering the password,” Amazon said.
"When using such an approach, however, another person having access to that device can impersonate the user for any task associated with the store password."
By requiring two pictures to be taken, Amazon said, the system can’t be as easily spoofed as conventional systems relying on facial recognition. Such systems can be in many cases tricked by someone holding a picture of the victim in front of the camera because they don’t distinguish between a two-dimensional image taken of the user or of a picture of the user.
In Amazon’s system, the first picture proves the identity of the user, while with the second the user confirms that he or she is an actual human being and not just a picture by either moving their head, smiling or blinking.
The concept of selfie verification has been previously explored by MasterCard, which ran a trial with 500 customers, allowing them to either use a smartphone to take a selfie or a fingerprint scanner built into the smartphone to verify a transaction.