OnePlus Face Unlock fooled by my brother (6 years age difference), has anyone else experienced this?

[Frhodo]

I recently updated my OnePlus 3T to the latest version of Oxygen OS (5.0.3) and set up the new face unlock feature that was included in the update. Everyone jokes about how similar my brother and I look, so I thought I would try it on him out of curiosity. It works 100% of the time (for the 15 or so times we tested it). Has anyone else had a similar experience? Do you think that this may be OnePlus 3T specific, possibly simpler less accurate software to run effectively on older hardware, or do you think it could be an issue on older models?

 

I was slightly worried about how easily it was fooled; my brother and I look fairly similar but I'd hoped that their algorithms would be good enough to cope with it.

[Skiiwee29]

its not 100% science when it comes to that technology on mobile devices like that. For security purposes, the best is likely to just use the finger print scanner for the most security. 

[D13H4RD]

Face Unlock on most Android phones just utilize a photo and a front-facing camera, so it’s not going to be secure 

[seon123]

I have the 3, and I can unlock it with half my face covered. Not the most secure thing in the world, it seems. 

[wojtepanik]

phones like galaxy s8 and ipX works by illuminating face with IR or project dots, they are far more secure, I quess 1+6 has also IR 

[GoodBytes]

8 minutes ago, Frhodo said:

I recently updated my OnePlus 3T to the latest version of Oxygen OS (5.0.3) and set up the new face unlock feature that was included in the update. Everyone jokes about how similar my brother and I look, so I thought I would try it on him out of curiosity. It works 100% of the time (for the 15 or so times we tested it). Has anyone else had a similar experience? Do you think that this may be OnePlus 3T specific, possibly simpler less accurate software to run effectively on older hardware, or do you think it could be an issue on older models?

 

I was slightly worried about how easily it was fooled; my brother and I look fairly similar but I'd hoped that their algorithms would be good enough to cope with it.

Sorry to say, but on Android, manufactures are more interested in checking boxes, than actually do a good job on many things, unless a ready-to-use solution already exists (all the work is done for them via the OS, for example. Or the manufacture of the hardware specific features has drivers made for them). R&D costs A LOT of money and TIME, and expertise. Time is the killer here, as the Android market is a very competitive world for Android. If you don't have have all the features than the guy next to you, you are out. That is why now nearly all phone have notches now. They don't evaluate what is good or not, or better, or come up with something new.. they just copy each other. Samsung doesn't have a great facial recognition either if you wonder.

 

The only ones that has a good system are:

• Apple
• Microsoft via Windows Hello

I suggest to use your finger print scanner instead, as all the manufacture of the phone only needs to get a good one, and the rest (the analysis of the finger print) is done by the OS

[D13H4RD]

I’d just use the fingerprint sensor. The one on the 3/3T is pretty fast and it’s much more secure

[Guest]

All of you that say that fingerprint sensor is secure are mistaken too. The fingerprint sensors are not that accurate, there is a 1/50000 chance that the phone just opens to a random fingerprint. The only secure unlock method is a full on password(not pin) and atleast 10 letters long, that also contains random characters, numbers and lots of variation in letter case.

Not talking about the fact that with fingerprint someone can just use your hand against your will to unlock your phone.

 

Unlock methods in order of security:

Good Password

Pin that is longer than 5 digits

Fingerprint

The drawing thing if you have an unique drawing

Face unlock that only uses camera

[TopHatProductions115]

20 minutes ago, Some Random Member said:

All of you that say that fingerprint sensor is secure are mistaken too. The fingerprint sensors are not that accurate, there is a 1/50000 chance that the phone just opens to a random fingerprint. The only secure unlock method is a full on password(not pin) and atleast 10 letters long, that also contains random characters, numbers and lots of variation in letter case.

Don't know if I can agree with you on that point:

• https://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987

Not just any password will do  Passwords can also be had through exploits, so there's that too. A decent biometric verification/authentication method will usually be way more difficult to crack than a text-based verification method without some form of 2FA at the very least. Just use U2F if you're actually concerned  I don't trust smartphone security (alone) too much anyway.

[Guest]

10 minutes ago, TopHatProductions115 said:

Don't know if I can agree with you on that point:

• https://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987

Don't know if I can agree with you on that point:

 

Have you heard against the dictionary attack? If you type 4 words without any mis-spellings or random characters, that is very easy to crack.

The most secure password is when you yes, write a sentance, but you misspell some words and also throw some random characters into the mix so that a dictionary attack is impossible. But don't use the common misspellings, like changing S into 5, because the modern dictionary attacks can also account for that.

 

Source: Not some crappy popular science gizmodo.

 

 

Hacking into your account right now

[TopHatProductions115]

16 minutes ago, Some Random Member said:

Don't know if I can agree with you on that point:

 

Have you heard against the dictionary attack? If you type 4 words without any mis-spellings or random characters, that is very easy to crack.

The most secure password is when you yes, write a sentance, but you misspell some words and also throw some random characters into the mix so that a dictionary attack is impossible. But don't use the common misspellings, like changing S into 5, because the modern dictionary attacks can also account for that.

 

Source: Not some crappy popular science gizmodo.

Did you even read the article? That's almost exactly what it suggested. And yes, I've heard of a dictionary attack. That's why I'm against randomised passwords. Just take the passphrase method (that they mentioned) and salt it a bit. Add various elements to increase the difficulty.

 

"This is why the latest set of NIST guidelines recommends that people create long passphrases rather than gobbledygook words like the ones Bill thought were secure."

 

Don't throw insults without reading the opposing viewpoint first - just makes for bad discussion...

[Guest]

1 minute ago, TopHatProductions115 said:

Did you even read the article? That's exactly what it suggested. And yes, I've heard of a dictionary attack. That's why I'm against randomised passwords. 

 

"This is why the latest set of NIST guidelines recommends that people create long passphrases rather than gobbledygook words like the ones Bill thought were secure."

Well i didn't agree with Bill then and i wont agree with him now. If you create long passphrases, and don't make any misspellings or mistakes, it is still easy to crack.

If you use short, but totally random password, that is easy to crack.

 

The best would be to use best of both worlds, and have a long passphrase that also incorporates some wierd misspellings.

Also if you know any language that is not english use that for your passphrase, because most dictionary attacks use english.

[Aleks NE]

50 minutes ago, Frhodo said:

I recently updated my OnePlus 3T to the latest version of Oxygen OS (5.0.3) and set up the new face unlock feature that was included in the update. Everyone jokes about how similar my brother and I look, so I thought I would try it on him out of curiosity. It works 100% of the time (for the 15 or so times we tested it). Has anyone else had a similar experience? Do you think that this may be OnePlus 3T specific, possibly simpler less accurate software to run effectively on older hardware, or do you think it could be an issue on older models?

 

I was slightly worried about how easily it was fooled; my brother and I look fairly similar but I'd hoped that their algorithms would be good enough to cope with it.

I had the OnePlus 5T and out of curiosity I tested it on Pictures, just on my Phone, I printed one and screen shared to a 4k TV, it never unlocked.

[Guest]

38 minutes ago, VegetableStu said:

I know what you're referring to, although I can't help to imagine da Vinci's phone unlock requiring to draw

 

Only takes a few years to open your phone...

 

But english isnt my strong suite, so i cant remember what it is called, something like a pattern or a drawing.

[ScratchCat]

8 hours ago, Some Random Member said:

The best would be to use best of both worlds, and have a long passphrase that also incorporates some wierd misspellings.

Also if you know any language that is not english use that for your passphrase, because most dictionary attacks use english.

Very long unpredictable sentences are also used for bitcoin HD wallet master keys using 20 words from a 2000 word set.

 

An interesting counter to dictionary and rainbow table attacks is to use non standard characters such as åĥðß if the password system allows them. This is also useful for master passwords where keeping the contents secure is paramount.