Even identical twins can’t fool the facial recognition in Windows 10



Microsoft’s new biometric authentication is too smart for lookalikes.





Just in case you missed it, Microsoft launched Windows 10 a little over a month ago. (If you’re wondering why you missed Windows 9, that’s because it never happened.) One of the celebrated features of the new operating system is called Windows Hello, which Microsoft bills as a more personal way of logging onto Windows 10 devices.

Instead of simply signing into Windows with a password, Windows Hello beefs up user security by letting you use your face, fingerprint, or iris to authenticate yourself, provided your PC’s hardware supports the software requirements. While fingerprints or irises might be hard to fake, we’ve probably all seen enough dodgy facial recognition fails to make us think twice before trusting our user login to a webcam. Windows Hello requires the use of Intel’s RealSense camera, but is it really secure enough to keep lookalikes out?

To test the theory and see how reliable Windows Hello really is when it comes to identifying unique faces, The Australian tested the feature with six pairs of identical twins, enlisting volunteers through the Australian Twins Registry (ATR).

It’s a valid experiment: we may think of twins as making up only a small amount of the population, but it’s a sizeable minority. According to the ATR, one in 40 people is a twin in Australia, and about one-quarter to one-third of those pairs is identical. This makes about 1 percent of the population identical twins, so if Microsoft is rolling out facial recognition as an enterprise-grade security feature, it deserves more than a little scrutiny.

The Australian took six sets of identical twins, with one twin from each pair registering a Windows account on a Lenovo Thinkpad notebook and setting up facial recognition as a method for logging in. In testing, the system never mistakenly let a twin access their sibling’s account, although the software did experience a few glitches when identifying valid login attempts.

“In the end, there were some cases of Windows Hello taking its time to identify a twin, but no case of it wrongly granting access. That’s a win for Intel and Microsoft,”writes The Australian’s Chris Griffith.

“It could distinguish between us two quite easily,” said Miriam Jeffrey, who tested the feature along her twin sister, Annabelle. “It’s a little surprising, I thought it would have failed, but no, it was really good, it was really quick.”

Interestingly, the system can be partially fooled if a pair of twins used both their faces when initially setting up the feature; later on, either face can then be used to sign in to the account (which seems reasonable, when you think about it).

According to Microsoft, the Windows Hello system and the Intel RealSense camera – which uses three separate lens systems to detect heat and depth – provide a false acceptance rate of less than one in 100,000. If that’s not good enough for you, you can always stick to conventional passwords. But if you do, just try to make them hard to hack. And, of course, steer clear of “PASSWORD” and “12345678”.