- Considerations for Security by Design
- Security Settings
- Reject Weak PIN Codes During Enrollment
- Prevent Same User from Enrolling Twice or More
- Protect Against Deep-Fakes & Face Spoof Attempts
- Forbid Minors From Enrolling On Your Application
- Always Ask for PIN Code during Authentication
- Enforce PIN Code Uniqueness Among Users
- Ignore Obscured and Partially Masked Faces
- Reject Missing or Empty Origin/Referer HTTP Request Headers
- Restrict Widget Instantiation to Authorized Domain Names Only
- Restrict Widget Instantiation to Authorized Countries Only
- Enable Webhooks
Considerations for Security by Design
Applications security isn’t a feature or a benefit – it is a bare necessity. By making your FACEIO application more secure, you help preserve user trust. It is important that you be familiar with the FACEIO security best practices in this document. Following these practices as general integration habits reduces the likelihood of inadvertently introducing security issues that adversely affect your users.
The Application Manager on the FACEIO Console provides an implementation of the security best practices related to securing your applications. This guideline shows how to work with the application recommended security configurations. If you have any questions about the security practices or settings, please visit the discussion forum or open a new support ticket via the console.
Security Settings
The following core security features help you build secure FACEIO applications. Please review each of them carefully. You can enable/disable security settings at your ease on the Application Manager.
Reject Weak PIN Codes During Enrollment
Enabled by Default: No
Description: During enrollment, each user is invited to choose a PIN code of his choice that must be at least 4 digits long (and no more than 16 digits long). On future authentication, this user is then required to confirm his PIN code whenever one of the following events occurs first:
- A collision is triggered, where two extremely similar faces are reported. This might happen on very large indexes, or when the same user has enrolled twice.
- A face match is completed with a confidence score slightly lower than 99% threshold.
- Or when your application always enforce PIN code confirmation. This feature is enabled by default for maximum security, and can be turned off via the setting below.
Enabled by Default: No
Description: When enabled, this option shall prevent the same user from enrolling twice or more on your application. That is, if the facial features of the user being enrolled are already recorded, the enroll operation is aborted, and the
fioErrCode.FACE_DUPLICATION
error code is raised to your host application instead. Otherwise, when this option is disabled (default case), it is considered, a no-error operation for the same user to enroll twice or more on your application. This will trigger a collision, and ask the user to confirm his PIN code whenever an authentication operation occurs with the same user.Enabled by Default: No
Description: When activated, this feature is engineered to counteract Smartphone & Print Attacks originating from static visuals or video feeds with the
fioErrCode.PAD_ATTACK
error code being raised to your application if such attacks are detected. That is, the system will ensure that is presented with a live (real) person during each authentication or enrollment operation. This is to effectively thwart presentation attacks, commonly referred to as Deep-Fakes or Face Spoofing attempts. In biometrics, liveness detection determines whether the presented face is genuine and from a live individual at the capture point, or a counterfeit from a deceptive artifact or non-living body part.Enabled by Default: No
Description: When activated, this option forbid minors less than 18 years old from on-boarding on your application with the
fioErrCode.MINORS_NOT_ALLOWED
error code being raised if a minor try to enroll on your application. You may want to activate this feature if your application is offering sensitive services, and you need to comply with jurisdiction (eg: UK & Some US states) that forbid minors from accessing such services. PixLab software including Insight, the default facial recognition engine for FACEIO are ready to meet the PAS 1296:2018 code of practice for online age verification accredited by UK’s Age Check Certification Scheme (ACCS).Enabled by Default: Yes
Description: During authentication, when this option is turned off and the resulting facial recognition process clearly report single face match with near-perfect, high confidence score (usually higher than 99% threshold), then FACEIO shall not ask for the target user’s PIN code and access is granted. If on the other side, this option is enabled (default case), the user being authenticated is then required to confirm his PIN code for access to be granted. In case of invalid PIN code supplied (after three trials), the authentication process is aborted and control is transferred to the host application (i.e. your webapp) with appropriate error code. Highly sensitive applications such as banking apps are required to turned on this option.
Enabled by Default: No
Description: During enrollment, each user is invited to choose a PIN code of his choice that must be at least 4 digits long (and no more than 16 digits long). If this option is enabled, the system ensure that the chosen PIN code is unique among other users PINs on this application.
Enabled by Default: Yes
Description: By default, obscured (under poor lighting conditions) and partially masked faces (i.e hat and sunglass combination, medical mask, etc.) are automatically discarded from the recognition process, and another frame is requested by the system until a clearly visible face is detected. When this option is turned on, obscured or partially masked face are included in the facial recognition process.
Enabled by Default: Yes
Description: When enabled, this option shall reject
fio.js
instantiation when the Origin (or Referer) HTTP request header is missing from the browser that initiated the request. This is a minimalistic security feature against forged requests. You can further restrictfio.js
instantiation with your application Public ID to specific domain names you define.Enabled by Default: No
Description: When enabled, this option shall restrict
fio.js
instantiation to specific domain names you define. That is, no other domain names except the white listed ones will be able to instantiatefio.js
with your application Public ID, and perform facial Authentication & Enrollment. You can configure the list of allowed domain names via the Application Manager.Enabled by Default: No
Description: When enabled, this option shall restrict
fio.js
instantiation to specific countries you define. That is, no other IP addresses except those belonging to the authorized countries will be able to instantiatefio.js
with your application Public ID, and perform facial Authentication & Enrollment. You can configure the list of allowed countries (ISO-3166-1 Code) via the Application Manager.Enabled by Default: No
Description: Webhooks allow you to receive data and get notified at real-time about the ongoing events during the interaction of the FACEIO Widget with your users in-order to keep your application backend up-to-date & synchronized. FACEIO uses Webhooks to let your system know when such events happen. Events includes new user enrollment, facial authentication success, facial ID deletion and many other events.
When an event occurs, FACEIO makes an HTTP POST request to the URL you configured for the Webhook. FACEIO’s request will include details of the ongoing event such as the Unique Facial ID of the user in question, its gender and age in case of new enrollment, timestamps, event type, IP information and many other details. You can find out more information about webhooks here, and configure your endpoint URL via the application manager.