←back to thread

Howdy – Windows Hello style facial authentication for Linux

(github.com)
58 points LorenDB | 8 comments | 23 Jun 25 18:34 UTC | HN request time: 1.077s | source | bottom
1. charcircuit ◴[26 Jun 25 07:43 UTC] No.44385141[source]
This isn't "Windows Hello style." This program extracts features from a 2d image instead of doing depth reconstruction first. This makes it easy to fool with a piece of paper.

Also this only handles user authentication unlike on Windows where it can be usedpasskey. disk encryption and for passkeys.

Edit: This program also saves the landmarks of your face into a file in plain text when it gets added.

replies(4): >>44385213 #>>44385303 #>>44385375 #>>44385483 #
2. senectus1 ◴[26 Jun 25 07:59 UTC] No.44385213[source]
yeah its more of a taster demo. I wish them luck in developing it properly though... I'm doing an ubuntu MOE for a corp atm and man, I really miss the windows hello logins.
replies(1): >>44385457 #
3. written-beyond ◴[26 Jun 25 08:17 UTC] No.44385303[source]
Really? When I tried on an hp spectre 5 years ago it made the hell sensors make a horrible clicking sounds and the LEDs glow red. I assumed it was doing something with depth analysis.
4. Boltgolt ◴[26 Jun 25 08:29 UTC] No.44385375[source]
Depth reconstruction with IR cameras in laptops today is incredibly hard. While the camera itself is exposed in Linux as a USB camera, the sync with the IR emitters is completely lost. Because of this we cannot extract a "left" and "right" lit image reliably as Windows hello does
5. _joel ◴[26 Jun 25 08:44 UTC] No.44385457[source]
Is 'Hello' and those kind of biometrics generally enabled at $CORP? The ones I've gigged at have been the polar opposite of using it, due to regulatroy requirements. Even disabling macos fingerprint reader company-wide, which is prerry darn good imho.
replies(2): >>44387247 #>>44387282 #
6. jeroenhd ◴[26 Jun 25 08:50 UTC] No.44385483[source]
FWIW Microsoft's branding team fumbling everything into Windows Hello isn't the project's fault. The "Windows Hello" part that they're trying to find an alternative for was the only "Windows Hello" for a while before Microsoft also decided that all of their TPM operations were now Windows Hello things.

That said, without the depth reconstruction, I do agree that this is nowhere close to Windows Hello's features. That's not the devs' fault (that kind of mostly-secure facial recognition is very hard) but I also don't think the comparison is apt. But who knows, if this project gains popularity, maybe in the future that kind of thing becomes possible.

This is more akin to Android's facial recognition, except for using the IR camera. Which is still acceptable for plenty of people. After all, many fingerprint readers on Linux share similar risks and are often regarded as secure enough. I think the availability of this project, even if it's nowhere near Windows Hello's standards, is a great addition to many Linux desktops, as long as their users understand the limitations.

As for the plaintext, Linux doesn't really have a secure storage mechanism (even the standard secrets API is easy to fool) so obfuscating the facial features doesn't really serve a purpose. As long as your disk is encrypted, I don't think that's a risk (and if it isn't, whoever is looking at your laptop can just browse through your photo albums anyway).

7. senectus1 ◴[26 Jun 25 13:32 UTC] No.44387247{3}[source]
yeah hello encompass facial recognition (must be dual IR cams), Fingerprint sensor and PIN.

none are perfect but they allow users to easily access their devices without having to remember and type in huge passwords.

8. lozenge ◴[26 Jun 25 13:35 UTC] No.44387282{3}[source]
I've had the opposite experience, my CORP now pushes most auth through my phone's biometric authentication, I don't even use a password.