ZenGo is once again boasting about the strength of its face-based authentication technology after the CEO of a rival cryptocurrency wallet questioned the company’s security capabilities on Twitter. The original Tweet has since been deleted, but the exchange implied that ZenGo’s facial recognition could be spoofed with a high-quality image of the user.
In its response, ZenGo vociferously objected to that claim. The company detailed the steps it takes to ensure the integrity of its system, which include stress tests with high-resolution photos and high-quality 3D masks. The facial recognition technology comes courtesy of FaceTec, which also conducts its own tests to provide reliable liveness detection.
The takeaway is that ZenGo is still extremely confident in its security setup. ZenGo shares security responsibilities between the user’s device and its own company servers, and noted that facial recognition is only one of the three security factors that is used for authentication. The others are email verification and the user’s cloud access, all three of which are needed to gain access to an account.
In other words, a face alone is not sufficient, and even if that were the case, FaceTec’s liveness detection is robust enough to fend off presentation attacks. ZenGo was unable to spoof the system with photos or masks, and the company is so confident that it has challenged the general public with a “Test My Face Map” feature that invites users to submit their own face and photo to try to beat the system (ZenGo assures customers that those efforts will fail).
Of course, this is not the first time that ZenGo and FaceTec have made bold security claims. FaceTec has offered to pay a $30,000 bounty to anyone that can get spoof its ZoOm authentication system, and hackers failed to capture the one Bitcoin reward that ZenGo offered to anyone that managed to break into its wallet.