event_note September 07, 2016

By default, using sophisticated motion analysis our patented liveness detection always checks to make sure that the mages used to verify your face are from a live person rather than a photo. Challenge-response takes this a step further. If it is enabled, you are asked to turn your head in a specific direction (the "challenge"). We then verify that you truly did turn as instructed (the "response"). In this way we can detect and block attacks using video of you.

In order to prevent an attacker from logging in using a video of you, challenge-response checks that you follow randomly selected movement instructions. Specifically, you are instructed to turn your head in randomly defined directions, shown either with a 3D head (mobile app) and (browsers); using motion analysis we then verify that you turned as instructed. Keeping your eye on the screen, you must turn slightly in the direction indicated. Easy for you, but hard for an attacker!

BioID iOS app

BioID UUI app

A few things to keep in mind:

  • Follow the 3D head as if looking at a mirror, or turn in the direction shown by the arrows.
  • When directed turn your head, not your eyes.
  • Turn only slightly; keep both eyes on the screen!
  • After each turn you will be directed to look straight again before being asked to turn in a different direction.
  • If the 3D head stops moving it did not detect any movement from you. Move further or again in the direction indicated.

By default, challenge-response is disabled. You can enable or disable it from your BioID profile page.