One-click buying is so yesterday. Sure, it’s convenient. But what happens if someone gets hold of your Amazon password and starts one-clicking everything from bacon bandages to ladybugs in bulk? Think of the damage. Think of the pain.
On its way in: pay-by-selfie. As in, take a picture of yourself, wink a couple times to let the technology know you’re a real live person, and get your goods delivered in a couple of days. It sounds sci-fi, but on Thursday, Amazon filed a patent application for the process, which they call “Image Analysis for User Authentication.”
The necessity of the new technology is outlined within the application:
While many conventional approaches rely on password entry for user authentication, these passwords can be stolen or discovered by other persons who can impersonate the user for any of a variety of tasks. Further, the entry of these passwords on portable devices is not user friendly in many cases, as the small touchscreen or keyboard elements can be difficult to accurately select using a relatively large human finger, and can require the user to turn away from friends or co-workers when entering a password, which can be awkward or embarrassing in many situations. In order to avoid typing in long passwords in such situations, users often have their passwords stored on their devices or enable information to be stored elsewhere such that an activity can be performed without manually re-entering the password. When using such an approach, however, another person having access to that device can impersonate the user for any task associated with the store password. As a compromise some users utilize short and simple passwords, but these passwords can be easily hacked by an unscrupulous user or application.
The TL;DR: passwords can be stolen, humans have fat sausage-fingers, and it’s apparently embarrassing to have to turn away from friends to hide the fact that we’re entering in our super-secret passwords. Which we compensate for by letting our passwords auto-fill, or keeping them short enough to the point of being non-secure.
Amazon isn’t the first to the pay-by-selfie game—Mastercard, for example, has already announced that they’ll be rolling out similar technology soon. That said, Amazon points out within the application that most uses of facial recognition technology are imperfect, as they can be tricked using photos of a person rather than an actual, living face. Amazon’s proposed technology, however, will require users to perform an action, such as blinking or tilting their head, to demonstrate that they’re really there in person, ready to make a purchase.
The good news about paying by selfie is that it clearly deters hackers from going on spending sprees in your name. It also deters less-responsible human beings (read: children) from making indiscriminate purchases on an account.
But…if this comes to Amazon, does that mean we’ll have to stop mooching off our friends’ Prime accounts and finally pay for one for ourselves? This is an important question, and we need answers. Here’s hoping the pay-by-selfie feature is applicable to each card within an account.