Can Face Verification Revolutionize Web3 Security and User Experience?

Sayfer, a leading cybersecurity firm for web3, recently conducted a research study in collaboration with FaceTec, the leader in 3D face verification software, to investigate the potential of using this technology to enhance the security and user experience on web3 platforms.

• How is face verification technology currently used in the web3, blockchain Defi, and crypto exchanges? Can you provide examples of its implementation and effectiveness in these areas?
  A: Face Verification for onboarding and Face Authentication for ongoing user access can ensure that a service provider knows with high confidence who is gaining access to a digital account. Government identity methods, like driver licenses, passports, and national IDs, represent foundational proof of our legal identities and have standardized on face images to bind a real living human to a verified identity. Thus, service providers can use the same data to verify an applicant’s identity when they apply for an account, as well as when they attempt to use a previously granted privilege. Some service providers, who prefer to maintain the most secure environments for customers and employees, utilize 3D face liveness and matching.
  

• Currently, exchanges use two-factor authentication and email verification processes to ensure that transactions are performed by verified individuals. However, this process doesn’t actually verify the identity of the individual, just that a device or network endpoint can be accessed. In addition to the lack of positive identification, the two-factor process can take up to 1-3 minutes per transaction, causing delays and inconvenience for users. Can face authentication technology provide a more efficient solution to the problem of transaction verification on exchanges? How does it work, and how does it compare to the current 2FA and email verification process in terms of speed and security?
  A: Any identification factor that is at least one degree separated from the user can be captured, shared, transferred, and utilized by an unauthorized individual. Non-biometric factors can’t provide the deterministic confidence that cryptographers think they do (0% or 100% the real user) because they can’t be sure who is actually holding the device. Multifactor Authentication (MFA) decreases the statistical probability that an imposter has taken control of the device/endpoint by utilizing more than one factor, but it provides a false sense of security when it is ta The offset is a potentially degrading user experience risking abandonment and rewarding fraudsters’ usage of social engineering. However, positive biometric user identification does provide high confidence, and when proper technology is used, a single-factor authenticator can provide significant security. Pairing that positive user identification with a second factor, like a network endpoint or passcode/key, provides an almost impossible hurdle for fraudsters to overcome while providing real users with a low-friction experience. There are significant advantages to employing 3D face liveness and matching over other 2D biometrics. Three-dimensionality offers orders of magnitude more measurable face data, increasing statistical confidence in match outcomes. Since human liveness and face-matching data are collected concurrently from the same secured camera feed, the presence of the user is extremely difficult to fake. The best part of this security scheme is that 3D face verification only requires taking a short video selfie, which is familiar to nearly all smart device users.
  

• In the web3 environment, users prioritize maintaining their anonymity and ensuring that their personal information is not leaked or misused by companies. They also want to trust that their identity will not be exposed to hackers. How can facial recognition technology be used to create a better user experience while also maintaining a secure environment for web3 users? How can users trust that their identity will not be exposed or leaked through the use of this technology?
  A: When comparing the live user to their legal identity photo, the user is being identified, that’s the point, but 3D FaceMaps can also be used in anonymous systems and use N:N deduplication to only allow one person, one account. This makes the users’ 3D face biometrics their unique identifier, not their legal name/number. Still, there are biometric data in the form of encrypted images that are collected and stored by the digital account provider. If this data were breached, it could be used to identify individuals, so to combat this threat, a storage type called 3D FaceVectors was invented. These files contain no image data and cannot be used to match against any other biometric data outside that specific organization’s system. This storage type protects users if their data is ever breached yet still provides positive identification and authentication. Assuming service providers adopt and enforce best practices and the most secure system architectures, 3D face liveness, and biometric matching provide the best verification and authentication solutions.
  

• Hackers can gain unauthorized access to web3 platform hot and cold wallets, putting sensitive information and assets at risk. Can face authentication technology be used to protect web3 platform wallets and prevent unauthorized access by hackers?
  A: 3D face liveness and matching should be considered a best practice for user and employee identity verification and authentication, but should be paired with a network endpoint such as a phone #, or an email address. If the user has access to the designated endpoint then they should prove their identity by providing biometric data (a 3D FaceScan) that matches the data collected when the account was opened.
  

• Phishing attacks on web3 platforms such as workspace applications and discord have become a growing concern as they can lead to the loss of personal and financial information. One way to combat these attacks is through the use of face verification technology, which can verify the identity of users and prevent unauthorized access to sensitive information. Can 3D face biometrics be effectively utilized to reduce the threat of phishing on web3 platforms?
  A: Any identity credential, verifier, or authenticator that is at least one degree separated from the real, living human being can be used by an importer. Liveness-proven biometrics are literally derived from the real, living human and, as such, are the only true zero-degree verifier.  Just like in the real world, our identity documents are compared to our live faces by authorities granting access, 3D face biometrics provides the same level of confidence as an in-person verification, but does it remotely, using almost any modern smart device.