Lip reading: biometrics you can reset just like passwords

Fingerprint. Voice. Face. Today’s smartphones already include a wide variety of biometrics features that allow you to unlock your phone, access apps and even authorize payments. Now, researchers at Hong Kong Baptist University have come up with a new identity authentication system – using lip reading.

You’re probably asking yourself why we need yet another biometric technology. After all, biometrics have been touted as the replacement for passwords for years now with their promise of exceptional security and outstanding usability. But passwords are still here.

Biometrics have had challenges and these have significantly slowed progress, with cost and accuracy being the main two. But costs have reduced dramatically over recent years since biometrics shifted from being hardware-based and dependent on expensive specialist technology to software- and cloud-based and reliant solely on standard smartphone features such as cameras.

On the accuracy side, biometrics still have some challenges. First, they have to cope with changes in our body, such as when we are ill, injured – or simply getting older, as this Digital Trends report reveals. While accuracy has improved in recent years, biometrics will never give you the definitive “yes” or “no” a password can.

Biometrics also faces another significant obstacle: you can’t reset them if they’re compromised. But lip-reading biometrics have overcome that by combining biometrics with passwords, as project leader Cheung Yiu-ming explained to the South China Morning Post:

While the technology is similar to other types of biometric recognition systems, such as fingerprint reading, it adds an extra layer of protection by allowing users to modify their passwords – in the form of lip-syncing a phrase – in the event of a security breach.

The system works by visually analyzing the user’s lip sequence when they utter a short phrase in front of their smartphone’s camera. It tracks lip shape, movement and even texture, according to Gizmodo.

As with other biometric technologies, the lip-reading tech has to learn to recognize the user’s identity – in this case their lip sequence. To do that, the user simply repeats a phrase – or even mimics a bird song – 10 times. This learning process also allows the system to build the threshold it needs to help it decide whether to accept or reject an identity.

The system is still a prototype with an overall accuracy of around 90%.  It also has no dependence on language, which makes it great for people with speech disabilities. Cheung hopes to see the US-patented technology rolled out within a year, stressing that it was not mutually exclusive to other authentication systems.

After all, to achieve the strongest security, you need to combine authentication solutions together. And multi-factor authentication is fast becoming the norm. While one of those factors is often a biometric, the other is often something we know such as a password, PIN or even a pattern.

What that biometric is depends on the situation. For lip reading, the researchers expect it to be primarily used to verify a user’s identity when their in a public place, as Gizmodo notes:

Even if someone overhears what you’ve said, it should be impossible for them to fool a device.

While Business Insider highlights lip reading’s potential use “at ATMs instead of a PIN code or to authenticate purchases and financial transactions”, the South China Morning Post sees it also being used in customs clearance situations.

As biometrics become part of our everyday lives, lip reading isn’t the only new kid on the block. Google has been talking about ongoing passive authentication for some time and the behavioural biometrics described in this article in The Telegraph last year fits that bill. Continually monitoring your behaviours – such as your typing pattern and location – to ensure you are who you say you are, we can expect behavioural biometrics to also have a key role to play in tomorrow’s security landscape.