Which is more secure, "face scanning" or "fingerprint" on smartphones?

Nowadays, almost everyone has a mobile phone, so this security will mainly focus on protecting users’ personal privacy data, various accounts (Taobao, Alipay, etc.), and payment information. Because the face and fingerprint are both biometric information of the user and accompany the person throughout his life, it is a "password that will not change"! Therefore, security is not absolute. If most of your software uses these biometrics to ensure security, it is very risky, because unlike digital passwords, which can be changed at any time, the consequences will be disastrous if it is leaked! Let’s talk about some applications and differences between “face scanning” and “fingerprint”.

Face recognition: When you pick up the phone, the phone needs to actively capture the face. (Machine active)

Fingerprint recognition: You need to give one of your fingers to the fingerprint recognition module of the mobile phone. (On your own initiative) Face recognition

Face recognition technology has been practically applied in information security fields such as PC login, mobile phone login, and daily clocking in and out, greatly improving people's experience in daily life.

1. Turn on the "Face Recognition Unlock" function. Face recognition unlocking refers to technology that allows users to fully obtain personal information stored in the device by recognizing faces.

2. The user records his or her face through the camera, allowing the device to memorize facial information in advance.

3. Recognize faces through the camera and unlock and log in to the device. If the face matches "preset authentication information," the user can log into the device. If multiple people want to log into the same device, when a second user comes in front of the camera, the device software will automatically redirect to the new user's profile.

4. Alipay’s face recognition technology adopts a regional feature analysis algorithm widely used in this field. It integrates computer image processing technology and biostatistics principles, and uses computer image processing technology to extract facial features from videos. Extract facial feature points and use the principles of biostatistics to analyze and establish a mathematical model, that is, a facial feature template. Use the built facial feature template and the subject's facial image to perform feature analysis, and give a similarity value based on the analysis results. This value can be used to determine whether they are the same person.

5. Alibaba’s unmanned supermarket is actually covered with facial recognition cameras. From the moment a customer enters the store, they capture and track the customer’s stay time in front of each shelf, product selection, and action route. When entering an unmanned supermarket, facial recognition is used to lock customers. When you pick up something, the system will automatically record the item and quantity. There is no need to check out after selecting the product, and the cost will be deducted directly from the mobile phone.

Not long ago, a video showing a 3D model made from photos easily deceived Alipay facial recognition login was exposed on the Internet. You can use the facial model to pass Alipay's facial recognition authentication, so as to log in to your Alipay account and perform payment and transfer operations. Although the technical side responded by calling it a malicious attack, the exposed problems still have to make people worry. Fingerprint recognition

Fingerprints, iris, finger veins, sclera and retina are all common biometric identification methods. These biological characteristics have a very different property, that is, they all have a certain degree of privacy and confidentiality, which means that there is no way to directly obtain them without close contact or close observation. But compared with these traditional biological characteristics, the human face basically has no so-called privacy at all. Moreover, fingerprints have been the first to be used in the payment field and have become popular. This is a level that face recognition has not yet reached.

But fingerprint recognition has also been cracked by using fingerprint film or even just a piece of chewing gum!

In summary, fingerprints and faces each have their own advantages. Face recognition is more convenient in many cases, while fingerprints have better privacy. Perhaps face recognition is also There will be greater development, but it is not absolutely safe, so I suggest you try not to use biometrics if you can! There is still a long way to go to use biometrics for security authentication. Perhaps there will be a qualitative leap when quantum computing becomes popular! Finally, regarding the question of security, I will give the final answer using a saying circulated in the hacker community.

It’s not a question of whether I can hack you, but whether you have the value to be hacked!

Nowadays, almost everyone has a mobile phone, so this security will mainly focus on protecting users’ personal privacy data, various accounts (Taobao, Alipay, etc.), and payment information. Because the face and fingerprint are both biometric information of the user and accompany the person throughout his life, it is a "password that will not change"! Therefore, security is not absolute. If most of your software uses these biometrics to ensure security, it is very risky, because unlike digital passwords, which can be changed at any time, the consequences will be disastrous if it is leaked! Let’s talk about some applications and differences between “face scanning” and “fingerprint”.

Face recognition: When you pick up the phone, the phone needs to actively capture the face. (Machine active)

Fingerprint recognition: You need to give one of your fingers to the fingerprint recognition module of the mobile phone. (On your own initiative)

Face recognition

Face recognition technology has been practically applied in information security fields such as PC login, mobile phone login, daily clocking in and commuting, etc., which has greatly improved people’s experiences in everyday life.

1. Turn on the "Face Recognition Unlock" function. Face recognition unlocking refers to technology that allows users to fully obtain personal information stored in the device by recognizing faces.

2. The user records his or her face through the camera, allowing the device to memorize facial information in advance.

3. Recognize faces through the camera and unlock and log in to the device. If the face matches "preset authentication information," the user can log into the device. If multiple people want to log into the same device, when a second user comes in front of the camera, the device software will automatically redirect to the new user's profile.

4. Alipay’s face recognition technology adopts a regional feature analysis algorithm widely used in this field. It integrates computer image processing technology and biostatistics principles, and uses computer image processing technology to extract facial features from videos. Extract facial feature points and use the principles of biostatistics to analyze and establish a mathematical model, that is, a facial feature template. Use the built facial feature template and the subject's facial image to perform feature analysis, and give a similarity value based on the analysis results. This value can be used to determine whether they are the same person.

5. Alibaba’s unmanned supermarket is actually covered with facial recognition cameras. From the moment a customer enters the store, they capture and track the customer’s stay time in front of each shelf, product selection, and action route. When entering an unmanned supermarket, facial recognition is used to lock customers. When you pick up something, the system will automatically record the item and quantity. There is no need to check out after selecting the product, and the cost will be deducted directly from the mobile phone.

Not long ago, a video was exposed on the Internet in which a 3D model made from photos was easily fooled into logging in through Alipay's face recognition. You can use the facial model to pass Alipay's facial recognition authentication, so as to log in to your Alipay account and perform payment and transfer operations. Although the technical side responded by calling it a malicious attack, the exposed problems still have to make people worry.

Fingerprint recognition

Fingerprints, iris, finger veins, sclera and retina are all common biometric identification methods. These biological characteristics have a very different property, that is, they all have a certain degree of privacy and confidentiality, which means that there is no way to directly obtain them without close contact or close observation.

But compared with these traditional biological characteristics, the human face basically has no so-called privacy at all. Moreover, fingerprints have been the first to be used in the payment field and become popular. This is a level that face recognition has not yet reached. But fingerprint recognition has also been cracked by using fingerprint film or even just a piece of chewing gum!

In summary, fingerprints and faces each have their own advantages. Face recognition is more convenient in many cases, and fingerprints have better privacy. Perhaps face recognition will have greater development. But these are not absolutely safe, so I suggest you try not to use biometrics if you can! There is still a long way to go to use biometrics for security authentication. Perhaps there will be a qualitative leap when quantum computing becomes popular! Finally, regarding the question of security, I will give the final answer using a saying circulated in the hacker community.

Today, as smartphones have gradually become more popular, smartphones have more unlocking and payment methods than before, including "face brushing" and "fingerprint". So which of these two methods is the safest? 1. Scan your face to unlock and pay.

As early as around 2014, the two major electronic payment platforms Alipay and WeChat took the lead in exploring “face payment”. By around 2017, major mobile phone manufacturers began to gradually pay attention to the face scanning function of mobile phones. Most mobile phones after 2017 support face recognition.

When it comes to the safety of "payment by facial recognition", many people feel that it is not safe. They always feel that others can steal the detailed features of their face to unlock or pay. In fact, this worry is somewhat unfounded. Developers have long thought of this situation, so most of the current face-swiping verifications are dynamic verifications. During verification, most users will be asked to nod, blink and other dynamic actions to increase the security of face-swiping.

This dynamic verification method can easily identify whether it is a real person or a picture. It will fully extract detailed facial information such as the distance between the eyes, the length of the nose, and the size of the mouth. The accuracy has reached millimeter level. Someone in a supermarket that supports face-swiping payment has done an experiment. When paying, a photo of Jack Ma was used to pay. The result was only four characters, that is, "not the person", so there is no need to worry about using photos to scan your face.

In addition, as facial recognition technology continues to improve, it will be safer in the future. Because iris recognition and voiceprint recognition will also be added to future facial recognition technology. Let me tell you about iris recognition. The iris is a part of the human eye. It can be fully developed from the fetal period and will not change throughout life. Moreover, everyone's iris is unique. In the future, the uniqueness of the iris will also be Increase the security of facial recognition.

Voiceprint recognition is also a high-end biometric technology. This technology can convert all human voice signals into electrical signals, and then use computers for processing and identification. It is also very safe. With the support of these two technologies, the security of face verification will be further improved in the future. 2. Fingerprint unlocking and payment.

Fingerprint is also a commonly used method for unlocking and paying for mobile phones. As another biometric technology, how secure is it? I personally think that fingerprint unlocking is at least more secure than digital passwords, and it is very convenient. When unlocking or paying, you only need to place your finger on the phone for fingerprint recognition, and the unlocking or payment can be completed immediately.

So although a person’s fingerprint is unique, it cannot be copied? I have seen an article before. After studying and analyzing a large amount of fingerprint information, researchers at New York University created a set of "universal fingerprints". It is said that using this fingerprint can fool many fingerprint recognition systems. Although the authenticity needs to be considered, this information has also made more people pay attention to the security of fingerprint unlocking.

However, fingerprint unlocking or payment is indeed a bit unsafe, that is, when you are drunk or asleep, if someone uses your finger to unlock or pay without your knowledge, then There will indeed be some unsafe factors.

If it is facial recognition, it will not be unlocked easily when you are asleep or with your eyes closed.

In addition, when we use fingerprint recognition, we must first enter our own fingerprint data. So will the corresponding mobile phone manufacturer or software owner steal the user's fingerprint information? You can rest assured on this point, as all major mobile phone manufacturers and software platforms will strictly keep users’ fingerprint information confidential. Then someone asked again, will this information be stolen by hackers? First of all, fingerprint scanning must go through the mobile phone hardware, and fingerprint information will not be transmitted on the software; in addition, even if the fingerprint information is stored locally on the mobile phone, the storage location is very safe, and these locations generally deny access to various software. These two points technically make it more difficult for hackers to steal fingerprint information.

To sum up, both fingerprint and facial recognition have certain security guarantees. If you have to say which one is safer, I personally think it is facial recognition payment. First of all, the cost of fingerprint copying is much higher than that of face copying; in addition, fingerprints are easily left behind in daily life, such as water cups, door handles, etc., while facial features are generally not leaked except in photos; and there are fingerprints Recognition can easily be exploited while someone is asleep, but facial recognition cannot.

In theory, facial recognition is definitely safer, otherwise Apple’s phones would not always insist on using 3D structured light technology instead of screen fingerprint recognition. Compared with fingerprints, facial recognition has great advantages in security.

First of all, real face recognition comes with a "living body detection" function. The so-called liveness detection means that when the mobile phone scans the face, it will first determine that the person in front of the camera is a real person, not a model or photo. This is the most basic function of face recognition. Without this function, face recognition cannot be used for payment. For example, many domestic mobile phones now support face unlocking, but there are very few domestic mobile phones that can be used for face payment like Apple's iPhone X. This is because the face recognition of most domestic mobile phones does not have a liveness detection function, and it is easy to be fooled by models or photos, and the security is not high.

If facial recognition wants to support "living body detection", it needs to use "3D structured light" technology. This technology was first used by Apple on the iPhone X. Its principle is to use an infrared projector to project countless infrared dots onto the human face, and then use an infrared receiver to collect information from these infrared dots and combine them into a three-dimensional face model. The greater the number of infrared dots, the more refined the model and the higher the safety factor. Since this 3D model is three-dimensional, it cannot be deciphered using photos.

During the face recognition process, the 3D structured light sensor will also verify that the user is using face recognition based on subtle movements such as blinking or tilting the head. Not a fake model. In this way, 3D structured light face recognition is almost impossible to crack.

In comparison, fingerprint recognition is less secure. Although fingerprint recognition also has "living body detection", it is impossible to be as precise as face recognition. For example, many experimental results show that finger molds made of conductive silicone can easily deceive the fingerprint recognition sensors of many mobile phones. Therefore, once the user's fingerprint information is obtained by a third party, it means that fingerprint recognition is no longer safe.

Of course, fingerprint recognition also has advantages. For example, it does not rely on 3D structured light like face recognition. Now some full-screen mobile phones even have under-screen fingerprint recognition. If facial recognition wants to be used for payment, it must rely on 3D structured light technology. In this way, the mobile phone screen will leave a gap like the iPhone X, which is commonly known as the "notch screen", and its appearance is not as good as Under-screen fingerprint recognition phone.

Neither facial recognition nor fingerprint scanning on smartphones is safe. To be honest, I am a transparent person in front of my wife, and I will not hide anything from her. So I can keep my phone in his hand all day long, and I won't worry about any scandals or anything like that.

But there was a joke between the two of us that also made me realize that scanning faces and fingerprints is the most unsafe thing.

I have a habit of falling asleep after drinking. After drinking a little bit of wine, I fall asleep when I get home. No one can wake me up and I don’t know what happened. One time I was really drunk. It was two o'clock in the afternoon when I got home. I slept for a day and woke up at about eight o'clock in the evening. I found my daughter-in-law playing with my mobile phone. I half-jokingly said at the time that I had fingerprints and facial recognition encryption, so how did you get into my phone and play with it? She was very cool. She smiled and said, "I'll take your phone and swipe your face, or press your fingerprint on your phone. Wouldn't it unlock it naturally?" His joke made me immediately feel that swiping my face and taking my fingerprints were really unsafe. Fortunately, my wife knew her fingerprints and could swipe my face. If this phone gets into the hands of someone else and I fall asleep in front of them, then everything in my phone will be exposed.

So I say that smart people should never set their mobile phones to scan fingerprints and faces. It is safest to use graphic locks and digital password locks. In this way, others cannot steal your information or see your mobile phone, so that your personal privacy can be better protected. This way your phone will always be in a safe state.

Therefore, based on my understanding of mobile phones, I feel that it is not safe to swipe fingerprints or faces.

Nowadays, there are many methods, such as facial recognition and fingerprint scanning, which are not very safe and always make people timid! There is no absolute safety except safety!

Smartphones have become the entrance to our mobile Internet, which bundles a large number of businesses, many of which are even related to money. So, once an information security incident occurs, the impact on everyone will be huge. Mobile phone verification login is our first barrier. There are two verification methods. One is the more traditional password verification, picture unlock verification, etc.; the other is verification using the unique characteristics of the organism, including facial recognition and fingerprint. wait. So, which one is more secure, facial recognition or fingerprint verification on smartphones?

Let’s first talk about the facial verification method. The one that does better should belong to Apple. In order to realize the face-swiping function, Apple mobile phones compromised the full-screen design and used a weird notch screen. The advantage of this is that the use of 3D structured light technology makes face verification more secure. Of course, if twins really cause trouble, this technology cannot be called very safe. But compared to other mobile phone manufacturers that can unlock the phone just by relying on photos, 3D structured light technology is relatively safe.

Of course, the most secure technology is iris recognition, but due to slow recognition speed and many limitations, this technology is not popular now.

As for fingerprint unlocking, it is even simpler. The screen authenticates by recognizing your fingerprint. The implementation methods include optical screen fingerprint recognition, ultrasonic under-screen fingerprint recognition technology, etc. Samsung mobile phones mainly use ultrasonic under-screen fingerprint recognition technology. Not long ago, it was revealed that Samsung S10 and Note10 series mobile phones have security risks. Foreign users found that after using the all-in-one silicone case, they can log in to their mobile phones and use payment programs without entering their fingerprints. I remember that at that time, major banks, Alipay, WeChat, etc. also urgently suspended the fingerprint payment function of these Samsung mobile phones.

From this point of view, the fingerprint unlocking function is not as safe as we imagined.

So, which of the two unlocking methods is more secure? From a certain perspective, any technology will have loopholes. There is no completely safe thing, but it can only be said to be relatively safe.

For an ordinary person, even if various technologies have loopholes of one kind or another, it is not realistic to restore and crack them. This is not something you and I can do. Of these two technologies, I prefer to use fingerprint unlocking. After all, only a few outsiders can access your phone. What we need to guard against are the "closest" people.

Facial swiping is weaker than fingerprint unlocking. I can't sleep with my face covered! At least I can still detect it if I move my fingers in my sleep! If that doesn't work, let's just use our toes! Hahaha

No matter in the past, present or future, no one’s fingerprints will be exactly the same as yours. But it is very likely that there will be two people with a similarity of more than 99%. In theory, "fingerprint" is more secure than "face swiping", but in fact it is not, and "fingerprint" is not absolutely safe.

"Fingerprints" are actually uneven textures. It is easy to copy a person's "fingerprints". You can use fingerprint film or silica gel to easily copy fingerprints.

A very small number of patients with dermatoglyphics do not have fingerprints. This may be related to mutations in the gene (SMARCAD1). Although fingerprints are related to DNA, fingerprint patterns cannot be reconstructed through DNA analysis.

"Fingerprint" unlocking can easily fail when encountering winter skin folds, skin folds when washing clothes/dishes, bacterial/fungal infectious peeling, acid/alkali corrosion, etc. "Face recognition" has resolved many embarrassing scenes

In the early days, there was no "off-screen fingerprint unlocking", which meant that the fingerprint unlocking module would take up a lot of screen space in the "full screen era" Ratio affects the visual effect. Some manufacturers will move the fingerprint unlocking module to the back of the phone to improve the barrier ratio, but it is still not as comfortable to use as a phone with "face recognition".

"Face recognition" can be unlocked by lifting the phone, while "fingerprint unlocking" requires moving your finger into the unlocking module to complete the unlocking. Therefore, "face recognition" can resolve many embarrassing situations, such as: "Face recognition" is not foolproof

At present, the more mature technology for "face recognition" application is 3D structured light technology. Compared with the past The 2D face recognition can only recognize the face image on the screen, while the 3D structured light can project tens of thousands of infrared rays to model and recognize the face outline, which greatly improves safety.

At the FIT2017 Internet Security Innovation Conference, technicians used 3D modeling software to refer to the facial features of "Aaron Kwok" photos and made corresponding 3D model images in a short time, and compared the results through the face building software , the fake 3D model is enough to crack general face recognition.

This means that once someone has a photo of you, they can 3D model and print out your face. Obtaining a photo is much easier than obtaining a "fingerprint".

When Face ID debuted, many identical twins showed off online that they could unlock Face ID at the same time. There is also a pair of twins from Russia who accused Face ID of not being able to distinguish them, causing damage to their personal privacy and causing mental damage, and asked Apple for compensation.

Although more and more new technologies have been added to "face recognition" in recent years to improve the accuracy of recognition, "face recognition" is indeed not as safe as imagined. What a terrifying thing it would be if you were asleep or drunk and someone else unlocked your phone through "face recognition", obtained a lot of private information, and transferred money. "Fingerprint unlocking" and "face recognition" are not as secure as digital unlocking and image unlocking

The initiative of "digital unlocking" and "image unlocking" is completely in your own hands, and you can keep it in your mind what others think Obtaining it is extremely difficult unless you tell yourself.

"Fingerprint unlocking" and "face recognition" are mainly designed for convenience, but their security issues cannot be ignored.

Many mobile phone manufacturers need to set up "digital unlock" when turning on "face recognition". When the phone does not light up the screen for a long time or restarts the phone, it needs to be "digitally unlocked" before turning on "digital unlock". Face recognition”.

As users, we cannot put all our eggs in one basket, such as setting the lock screen password and bank card password to be the same. This is very undesirable.

For example:

Use "face recognition" to unlock, you can use "fingerprint unlock" to open the locked APP, and then use a digital payment password different from the lock screen password to transfer money and payment.

In fact, there is no single verification method that can achieve 100% security. When necessary, multiple verification methods need to be combined. For example, when handling business at a bank, you need an ID card, a signature, and a fingerprint. , scan facial images, etc.

Nowadays, "fingerprint unlocking" and "face recognition" technologies have become very mature. Whether it is in terms of security or convenience, it is difficult to compete. But we cannot rely too much on them, but should use multiple authentication methods to protect our personal privacy.

The above is just my personal opinion. Criticisms and corrections are welcome.

There are two types of facial recognition methods. One is the 2D image recognition that comes with the Android system. The other is the 3D structured light that iPhoneX started to enable. Due to the combination of 3D modeling, this facial recognition has a one-in-a-million cracking probability according to Apple, but there will still be some problems, such as twins or "special statues" unlocking, which have been reported before It broke out.

Due to the uniqueness of human fingerprints, the most secure method currently is obviously fingerprint recognition, which is why most Android manufacturers are still firm on fingerprint recognition.

One more thing, Samsung used iris recognition for a while, and it was obviously safer than 2D facial recognition, but because the experience was so bad, Samsung itself gave up after a few generations.

Which one is safer, facial scanning or fingerprint scanning on a smartphone? I think fingerprints are safer at present, while facial scanning is a bit more childish.

Nowadays, the security of smartphones is quite good. Unlike the contact type of fingerprints, facial recognition feels very high-end, but its security is still relatively poor, because it relies on Although Apple or Huawei mobile phones now use a 3D facial recognition method, which improves security, it can only be said to be an improvement. It does not solve the substantive problem, that is, it can be copied at will. When the face comes out, think about whether it is very simple to change the face. It is really possible, but the fingerprint is different. The fingerprint must be alive, and the fingerprint itself is not repeated, and its texture is very judgmental, and The simplification of human faces is different.

So I think fingerprints are more secure. I can only say that faces are more convenient, or may become mainstream in the future. But currently, security is still far from good.