Facial authentication with Howdy
Howdy, Friend
Howdy brings the convenience of facial authentication to Linux.
Futurists and entrepreneurs have long been obsessed with the idea of biometric authentication. Every body is unique – could the unique features of your anatomy be used to prove that you are you? Police departments have used fingerprints to identify suspects for years, and several computer systems now allow fingerprint authentication. But for many researchers, the holy grail for biometric authentication has always been facial recognition.
The human brain authenticates humans through facial recognition all the time: That is what happens when you "recognize" someone. Of course, when a camera takes a picture of a person, it is most likely a picture of a face. Your face is looking at your laptop or phone all the time. What could be more convenient than just training your electronic device to look back at you and determine if the face is familiar?
Windows Hello technology, which is built into Microsoft systems, gives Windows users an option for facial identification. The Linux community can now access facial identification through an open source application known as Howdy [1]. Lem Severein from the Netherlands has been developing Howdy for more than four years, and the software is currently available on GitHub.
As you can probably guess, facial authentication system requires two important components:
- Imaging – a way to capture an image of the person who is trying to authenticate
- Artificial intelligence – a way to compare that image with a reference image of the user
Once the identity is confirmed, the application then needs a way to pass the approval on the operating system.
Howdy uses the OpenCV computer vision library [2] for imaging and facial recognition. Fortunately for the Linux community, the Pluggable Authentication Module (PAM) system built into Linux makes it easy to integrate new authentication technologies (see the box entitled "PAM Authentication"). Howdy uses the OpenCV vision library for image processing and facial recognition; then it passes control on to PAM.
PAM Authentication
The PAM system built into Linux offers a way to integrate low-level authentication processes into higher-level APIs. PAM consists of a cascade of modules that control authentication. On one hand, this means that you can apply several procedures in succession: for example, first facial recognition and then, if this fails (or in addition), password input. On the other hand, you can also use PAM to provide different procedures for different programs: For instance, use facial recognition to unlock the desktop, but require a password to install new programs.
Severein points out that Howdy is not intended as a complete security system by itself. As the website states, it is "…in no way as secure as a password and will never be…. Howdy is a more quick and convenient way of logging in, not a more secure one."
One common use for facial authentication tools is to re-authenticate a user after the user steps away from the computer. Howdy can serve as a first line of defense in casual settings, but be aware that this technology is still experimental – if you are counting on enterprise-level security, better to stick with more conventional approaches.
The Camera
It takes a camera to see a face. Today, IR (near field infrared) cameras, which are not normally installed in laptops as standard equipment, are a popular option for reliable facial recognition. Howdy theoretically works on laptops that only have a standard webcam, but it won't be as secure or as reliable. The GitHub project linux-enable-ir-emitter
[3], which is designed for use with Howdy, offers support for infrared cameras that are not directly enabled out-of-the box.
Howdy
Howdy has not yet reached the package sources for many Linux distributions; however, the developer provides instructions for setting up the software on popular Linux systems. In particular, Howdy offers strong support for Ubuntu, offering a separate PPA for Ubuntu systems. For Arch Linux, the required packages are in the AUR, with instructions in the ArchWiki [4].
As a Python program, Howdy has a number of distribution-specific dependencies, such as python-pam. In addition to using OpenCV for face recognition, Howdy leverages the Hierarchical Data Format (HDF5) for data storage and FFmpeg for reading the video stream.
The basic installation is quite simple on most distributions: Install the howdy package via your package manager. The system drags in all the dependencies it needs. With Arch Linux, you might have to add some packages by hand, such as the python-pam package.
Try It Out
Howdy requires some manual configuration work and face recognition training. The basic software configuration and training are handled by the howdy
command in the terminal, in combination with a few subcommands (as shown in Table 1). You can also use options to simplify the steps for some actions (see Table 2).
Table 1
Subcommands
Parameter | Function |
---|---|
add |
Add profile (model) for current user |
test |
Test facial recognition |
clear |
Delete profile |
config |
Create or edit configuration |
disable |
Disable Howdy |
list |
Display profiles |
remove ID |
Delete profile with ID |
snapshot |
Create snapshot |
version |
Display version |
Table 2
Options
Option | Function |
---|---|
-h |
Online help |
-y |
Skip profile name query |
-U user |
Define profile for user |
To set up the software, use:
sudo howdy config
This process will start the default editor with a fairly compact configuration file that documents all settings in detail. The few changes necessary for some initial experiments are shown in Listing 1.
Listing 1
Edit Howdy Configuration
01 [core] 02 # Print that face detection is being attempted 03 # default: false 04 detection_notice = true 05 06 # The path of the device to capture frames from 07 # Should be set automatically by an installer 08 # if your distro has one 09 device_path = /dev/video0 10 11 [snapshots] 12 # Capture snapshots of failed login attempts 13 # and save them to disk with metadata 14 # Snapshots are saved to the "snapshots" folder 15 capture_failed = true 16 17 # Do the same as the option above but for 18 # successful attempts 19 capture_successful = true
By default, the detection_notice
parameter is set to false
, which prevents Howdy from reporting successful face recognition. For initial testing, however, this feature is very useful, which is why you will want to specify a value of true
instead (line 4).
By far the most important specification refers to the video device used (line 9). The IR camera was available as /dev/video2
in our lab; normal webcams are often designated /dev/video0
or /dev/video1
. For some IR cameras, starting the system already activates the (built-in) IR lights.
If you are unsure, either find out the name of the device file using a photo application like Cheese, or use the v4l2-ctl
command from the v4L-utils package:
$ v4l2-ctl --list-devices
Then copy the desired device, including the path to the configuration.
For face recognition using OpenCV, it does not matter whether the camera delivers normal monochrome or color images or IR images. For this reason, the standard laptop webcam is suitable for identification, unless you need genuine security.
The snapshots
section in last part of the configuration file is also important. This section is where you specify whether Howdy saves an image at the time of authentication (Listing 1, lines 15 and 19). These snapshots help to analyze problems if face recognition did not work. Sometimes you can tell by looking at the image if there is insufficient light, if a reflection blinded the camera, or if parts of the face were obscured.
Howdy saves the image for each call as a JPEG file (Figure 1) in the /usr/lib/security/howdy/snapshots/
directory; you will want to delete these images occasionally. If authentication fails, the software creates a joint image of all three attempts that it makes by default, labeled FAILED LOGIN. The smaller the value for Best certainty value, the better the recognition process worked. On the other hand, if the login is successful, Howdy only stores one image.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.