TechSpot means tech analysis and advice you can trust. Read our ethics statement.
It appears that more authentication systems are now relying on facial recognition instead of traditional methods. Wired reports that the latest company to put its faith in the technique is Facebook, which has started asking some users to confirm they're not bots by sending in pictures of their faces.
A screenshot of the new type of captcha appeared on Twitter and has now been confirmed by Facebook. It asks that users "please upload a photo of yourself that clearly shows your face." The social network says once it has checked the image, it will be permanently deleted from its servers.
Wired writes that the entire process is automated and compares the uploaded photo to others on a profile to ensure it's not a duplicate. While the image is being verified, users may be locked out of their accounts as a security precaution.
a friend sent me this: Facebook is now locking users out of account features, then demanding that those users "verify" their account to get back in by scanning an image of their face. AN IMAGE OF THEIR FACE. pic.twitter.com/T4TIsJFxX8--- can Amy Goodman pls stop inviting Assange on thx (@flexlibris) November 28, 2017
Facebook said the captcha was to "help us catch suspicious activity at various points of interaction on the site, including creating an account, sending Friend requests, setting up ads payments, and creating or editing ads."
The statement suggests this may in part be a response to the 3000 Russian-backed ads that appeared on Facebook around the time of the US election. While Facebook wouldn't confirm when it started using the captcha, reports of the prompts first appeared on Reddit in April.
The system has parallels with Facebook's recently announced method of fighting revenge porn. This process also asks users to send in photos, though in this case it requests nudes---the images are identified and blocked if uploaded to the platform by others. Thankfully, the company said the pictures sent in by potential victims wouldn't be stored on its servers.