One-click buying is so yesterday. Sure, it’s convenient. But what happens if someone gets hold of your Amazon password and starts one-clicking everything from bacon bandages to ladybugs in bulk? Think of the damage. Think of the pain.
On its way in: pay-by-selfie. As in, take a picture of yourself, wink a couple times to let the technology know you’re a real live person, and get your goods delivered in a couple of days. It sounds sci-fi, but on Thursday, Amazon filed a patent application for the process, which they call “Image Analysis for User Authentication.”
The necessity of the new technology is outlined within the application:
While many conventional approaches rely on password entry for user authentication, these passwords can be stolen or discovered by other persons who can impersonate the user for any of a variety of tasks. Further, the entry of these passwords on portable devices is not user friendly in many cases, as the small touchscreen or keyboard elements can be difficult to accurately select using a relatively large human finger, and can require the user to turn away from friends or co-workers when entering a password, which can be awkward or embarrassing in many situations. In order to avoid typing in long passwords in such situations, users often have their passwords stored on their devices or enable information to be stored elsewhere such that an activity can be performed without manually re-entering the password. When using such an approach, however, another person having access to that device can impersonate the user for any task associated with the store password. As a compromise some users utilize short and simple passwords, but these passwords can be easily hacked by an unscrupulous user or application.
The TL;DR: passwords can be stolen, humans have fat sausage-fingers, and it’s apparently embarrassing to have to turn away from friends to hide the fact that we’re entering in our super-secret passwords. Which we compensate for by letting our passwords auto-fill, or keeping them short enough to the point of being non-secure.