How Does Facial Recognition Work and Is It Secure?

Okta's cloud-based authentication gives users high-assurance with simple-to-use factors like biometrics and push notifications.

Facial recognition software compares two images that include a person's face. One is relatively recent, and the other resides within a database. Algorithms attempt to make a "match" between the two. When it’s successful, face recognition software could determine a person's identity from a photo.

What is facial recognition technology?

Facial recognition software uses a database filled with images, an algorithm to compare two items, and user inputs to confirm or deny matches. The goal is to link an image taken with an identity of a person. 

Facial recognition software typically relies on three steps:

  • Capture: A camera collects your image. Sometimes you initiate the photo (by looking into your phone's camera, for example), but your photo could be taken without your knowledge.  
  • Modification: Face recognition software measures the width of your eyes, the relation of your eyes to your mouth, and other core features. All of that information is transformed into a digital signature.  
  • Search: Your digital signature is compared to thousands of data points within the algorithm. If the system already knows you, a match is made. The system may also deliver several potential matches, ranked by probability. 

Here's an example of how facial recognition could be used. 

Police were looking for a man wanted in connection with a child abuse case. They had an image of the person, but they didn't know where he was at the moment. A company with a database of 3 billion images stepped in to help. They uncovered a photograph showing the man standing deep in the background. His image was tiny (about half the width of a fingernail). But it was enough for a positive identification. 

Industries that use facial recognition software

We often associate facial recognition software with law enforcement. Police officers use it to spot and apprehend suspects, and photos provide a valid avenue for arrests. But your image could be used in many other ways.

These are other industries that also use facial recognition:

  • Healthcare: Hospitals and clinics could use your image to help you check in or check out of care. You'll get the treatments you need with less paperwork. But some health systems are also experimenting with facial recognition to spot their clients doing unsafe things, such as smoking or skipping their medication doses.  
  • Marketing: Some membership-based organisations, such as gyms, use facial recognition to distinguish frequent users from lapsed customers.  
  • Online security: Your phone may unlock after you peer into the camera, and it may remain locked if a thief tries the same technique. Some databases work in the same manner.  
  • Physical security: Your company may have a photographic database of all authorised personnel. If someone unusual appears in an image, the system alerts the staff.  
  • Social media: Companies like Facebook allow users to "tag" their friends in photos. The information could be used to tailor online experiences based on where the person likes to go and whom the person is seen with.  
  • Travel: Your mugshot could place you on a no-fly list. If you attempt to board an aeroplane, the authorities will know. 

As facial recognition software grows more ubiquitous, this industry list may grow.

Face recognition drawbacks

Facial recognition could keep unauthorised or criminal activity in check. But it's not a perfect form of security. 

The software relies on a database of images, and it's only as accurate as the data it's fed. If the dataset includes mostly white, male people, the system will struggle to correctly identify women and minorities. This could lead to false-positive identifications and unfair arrests. 

The system could also violate your privacy. Most of us expect a degree of anonymity wh