A new secure user-verification system based on the psychology of face recognition has been developed with the intention of eliminating the problem of forgotten passwords and potentially preventing huge data breaches in the future.
The Facelock system plays to the strengths of human memory by allowing users to select a set of faces familiar only to them, which are then displayed on a series of grids with other unfamiliar faces.
The details of the new verification system are published today in the open-access journal PeerJ.
"Pretending to know a face that you don't know is like pretending to know a language that you don't know - it just doesn't work," said Rob Jenkins, lead author and psychologist at the University of York.
"The only system that can reliably recognise faces is a human who is familiar with the faces concerned."
Jenkins hopes that software developers will now take the framework of Facelock and turn it into a "polished app", with the system rolling out in the next product cycle of devices.
Data breaches are an increasingly common problem, with many major firms like eBay forced to urge users to change their passwords due to threats from cyber-criminals.
Such issues are often linked to weak security protocols that rely only on usernames and passwords, and have even led the founder of the 50-year-old authentication system, Fernando Corbató, to state that it is only good for preventing "casual snooping".
"First of all, we didn't foresee the current internet," Corbató said in a recent interview with the Wall Street Journal. "Passwords are not a super high level of security, but are enough to protect against casual snooping."
Other security experts have also criticised the outdated technology and called for a new alternative to prevent further data breaches and spear-phishing attacks.
"The underlying issue is that the username and password system is old technology that is not up to the standard required to secure the deep information and private services that we as individuals store and access online today," said Brian Spector, CEO of CertiVox.
"(The eBay incident) was just the latest in a long line of attacks that highlight the need for the wider technology industry to take another look at the methods that they employ to secure services and data."