Tech

Amazon's Latest Security Measure? Selfies

OUR SELFIES, OURSELVES

Amazon and MasterCard want to use selfies as passwords, meaning they’d collect hundreds of pictures of you.

articles/2016/04/05/amazon-s-latest-security-measure-selfies/160404-whittaker-selfie-pay-tease_xzvcnq
Photo Illustration by Emil Lendof/The Daily Beast

If you’ve ever been concerned about your picture being forever in the cloud, your fear may soon become an inevitability, as more and more companies are beginning to adopt the selfie as a security feature.

Mashable reported that Amazon is the latest company to lay the groundwork for using your phone and laptop’s cameras to replace a tediously typed password for a security measure. The technology would require various facial gestures (closing one eye, tilting one’s head to one side) to confirm that the photo is being taken in real time—and that it’s you taking it.

It seems like a wise move: forget biometrics, fingerprints, retina scans, elaborate passwords, and everything else available for secondary security protocols. Selfies make sense, if only because the other methods are increasingly easy to crack. Retinal scans aren’t mobile friendly yet. Your password might be hard to crack, but it’s always been easy to capture, lift, memorize…and then it’s out there in the world for all to use indiscriminately.

ADVERTISEMENT

Fingerprints seemed like the logical choice, until you remember that it’s been demonstrated that fingerprints can be lifted and used by someone else’s hands.

And selfies make sense, especially for people who don’t always keep their phones as private as they should. The smart device world isn’t as secure as we’d like to believe. Multiple people may have access to devices (and passwords), from significant others to children and drunk friends.

Think about microtransactions, which have led children to run up bills of hundreds of dollars on smartphone games while their parents looked on unaware it was happening. Microtransactions of a dollar or two aren't noticeable until they begin piling up.

But needing a selfie to authorize them puts payment control back in the hands of the owner of the phone, not just whoever might have the passcodes. It could keep kids from making purchases in games without parental consent, and avoid that awkward situation of forgetting a password for a service you never sign out of.

It also means Amazon will have records of your appearance a hundred times over, from a dozen different angles.

That’s a security concern, especially if they keep all that data stored somewhere. Ten photos of you from different angles in the wrong hands could make it easy for a hacker to make thousands of dollars in purchases without you knowing it.

That fraud concern, or ones like it, is what led MasterCard to lay plans for similar technology, requiring a second confirmation that you’re really you. They’re also looking into eye scans, heartbeat monitors and a dozen other biometric securities to keep someone from impersonating you.

Hackers are notoriously one step behind—or even ahead—of security engineers at all times, so if this technology gets rolled out it’s only a matter of time before someone figures out how to breach it—or worse: steal your data from a secure server and use it like a master key. All without you noticing anything missing. Because while you might be the kind of person that keeps a notecard in your wallet with all your pins and passwords, you’ll notice your wallet missing at some point. As security advances, less and less of the protection is entrusted to the user, and more to lines of code guarding a server with millions of users’ data alongside yours.

That means as the war between engineers and hackers escalates, more of your personal data--and more access to every corner of your digital life—is at stake.