Gazepass lets you enable passwordless login on your web & mobile apps with just a few lines of code — your users will be able to sign up with Google/email and login using native biometric sensors or face ID via webcam. Get started at gazepass.com.
i managed to enter my account with a high quality 3D mask....can you talk more about your biometrics? how is it built
Report
Maker
@ourielohayon Our camera face ID is a fallback method if you don't have biometric sensors -- it has anti-spoof enabled in subsequent logins and we are working on making it stronger and more accurate -- however, that is not a replacement or alternative for native biometric sensors (as native sensors do have significant hardware level advantages over a regular camera face ID); it's meant to be an additional layer of security if you don't have a biometric sensor and/or on top of your email OTP.
We use texture analysis to determine if an image is spoofed or not. We are in the process of deploying a new spoof model which should improve the security by a large threshold (should become more difficult to spoof even with a high quality 3D mask) -- it will be using both texture analysis & temporal information of frames (ie a very short video clip almost).
Happy to get on a call and answer more questions if it's of interest to you. Feel free to sign up to our slack -- gaze.ai/slack -- or email me t[@]gaze.ai. Thanks!
Doesn't seem good right now. Easily spoofed. Computers don't have native biometrics
Report
Maker
@ourielohayon We're deploying a new set of spoof models in the coming weeks -- this should be fix most spoof issues. Would love for you to join our Slack -- gaze.ai/slack -- to stay updated.
Also -- The camera face ID is always a second factor (used on top of a first factor). So, you can't just spoof the image and get access to someone's Gazepass account (you'd have to break 2 factors to do that -- one of which will be the email/Google account/trusted device).
@gazeattaus we surely understand that part we were the first company in the world to have built such a system applied to a high scale wallet product.
Report
Maker
@ourielohayon Nice! We'd love to stay in touch & send over an update when we deploy the new spoof recognition models. Cheers 🥂
Report
Maker
Hey everyone 👋,
Taus from Gaze here. We are super excited to share our passwordless login API with you!
Passwords add friction during registration and login. Our mission at Gaze is to eliminate them from the Internet. We do this by enabling brilliant makers such as yourself to remove passwords from your products.
Meet Gazepass—a fully passwordless login API that lets your users sign up with just a few clicks, and subsequently login seamlessly.
Here are the highlights:
- Social Accounts: Users can register with Google or by typing in their email address (more social logins to come in the future)
- Native Biometrics: They can subsequently login using native biometric auth (like Apple Face ID, Windows Hello or Android's biometric-enabled devices)
- Camera Face ID: If they don't have a biometric sensor on their device, they can choose to sign in with camera face ID—our own face ID technology that runs on any webcam/front facing camera
- User Choice: If your users prefer not to use biometrics at all, they can disable biometrics altogether and login with a single click
Integrating Gazepass on your website is easy too! We have already released our JS SDK for integration on websites. We will be releasing our mobile SDKs very soon as well (currently under development). You will also find relevant API endpoints on our docs (which are constantly being improved).
This is just the very first version of our product—there's lots more in store. We would love to hear from you and get your thoughts/feedback. You can join our Slack workspace by visiting https://gaze.ai/slack -- we'll be waiting to start working with you! Alternatively, you can reach out to me via email anytime: t@gaze.ai .
*Early adopters (before Nov 30) get 1 year of all existing features (unlimited logins/users) for free!*
Cheers 🥂
Report
@gaze@gazeattaus This is awesome! I'm totally about frictionless and passwordless authentication, so much better than what we're currently using. Just tried it out, seems to work well.
@gaze@gazeattaus Hey there. If you could speak to your faceID technology on your site-- explain to users why just as effective as windows hello/apple (using IR), it might help sell it better. A good addition might be a simple 4 digit pin to go with it, or pick an image out of a grid. All of those would be user choice, of course. Great work guys, I think we need a unified login platform that's not so expensive.
Report
Maker
@gaze@davidoh Thank you so much for the amazing feedback—we will definitely explore all of those options going forward. Our Face ID right now is an optional (additional) security layer to help users secure their accounts across devices and use biometric auth in the absence of a native biometric option. However, 2D face recognition and spoof recognition has hardware level limitations which a depth-sensor based system is likely to outperform much more easily (we are working hard to closing the gap there of course) — so from a purely security standpoint, native biometrics with IR (or fingerprint, etc) should be stronger — but in its absence our users have the option to use our camera face ID.
I'm in Ed-tech and my users are therefore children and driving me a bit insane on forgetting passwords. It's a huge issue for kids, parents, an teachers right now during remote learning; this could be a great solution. However, what could you tell me about potential privacy concerns, here? I have a few laws I have to make sure to meet around FERPA, COPPA, NY 2D Ed Law, SOPIPA, etc. but also people have a LOT of privacy questions when it comes to kids, so I'd have to know quite a bit to implement something like this.
Report
Maker
@ltropf We are very, very serious about user privacy — if a user explicitly chooses to use our camera face verification we store their image/selfie (but a user actually has to choose yes; they can obviously opt out and not use this feature at all). We are also building tools that will allow our users to take control of their data (like have us delete any data we have: their email address, picture, etc. — anything they've ever provided).
We would love to assist you with logins in a passwordless manner. We can turn on/off certain parts of the system for children if needed too. Let's take this to email t[@]gaze.ai ? Please do reach out. Or you can also join our Slack workspace to discuss this gaze.ai/slack
Report
Wouldn't it be possible to use a virtual webcam to replay a recording of someone's facial movements to gain access to their account? Seems fairly doable, no?
Report
Maker
@oimeit Our next deployment of Gazepass (going out next week) will actually be restricting subsequent face IDs to the webcam that was initially used (so a virtual cam won't work). Great catch!
Report
Great product and explainer gifs! One concern, as the web version will probably scan the 2d version of the face only, how it will prevent if someone tries to use a printed image of me to log in?
Report
Maker
@nh12 Spoof recognition from 2D images is actually an active research area for us -- if you enable our webcam face ID, we check for spoof on all subsequent logins (to prevent paper attacks or even screen attacks with images/videos). Of course this is sth that we are constantly improving!
Report
Tidy looking implementation. Looking at your flows I assume you are using the protocols under the FIDO2 umbrella (WebAuthn) to enable the prompt for the biometric gesture, with the 'phone as Authenticator (although given I can see the prompt for security key through USB/NFC/Lightning also available).
If I am right:
* What are certifying as - if you plan to certify? Level 1 or Level 2? Presumable as a Client?
* Do you have plans around CTAP to supplement the selfie-based authentication mechanism and connect to a roaming authenticator?
PS Sorry if someone asked this already but there are a lot of comments and couldn't find anything
Report
Maker
@sensiblewood Thanks so much! Yes we are using WebAuthn for the device biometrics -- we'd most likely try to conform to Level 2, but this is something we are still looking into. We are also still exploring and learning more about CTAP--so can't comment on that yet.
We'd love to connect with/learn from you and see what you'd like to see us do. Would you be interested in moving this conversation over to email t@gaze.ai ?
Zengo wallet
Zengo wallet
Zengo wallet
Vowel