A few years back we reviewed and fooled KeyLemon version 2.3.1, now let’s see how this biometric software has evolved.
KeyLemon replaces the standard MS Windows logon and session lock-out with a face recognition dialog using a standard webcam. Version 3.1.1. also includes the option to use speaker recognition.
For this article we tested KeyLemon version 3.1.1 gold edition on MS Windows 7 Home Edition, using a Logitech C500 webcam (1.3 megapixels).
Bronze: 19.95 EUR
Gold: 39.95 EUR
|Hardware Requirements||64bit processor, 1GB RAM, 200MB hard drive space, USB webcam or integrated webcam|
|Supported OS||MS Windows Vista, MS Windows 7, 8, 8.1, MAC OS X 10.6 up to 10.10|
Differences in between license versions
In the basic “free” version you can only use the standard face recognition feature to logon and unlock your computer. In the bronze version functionality is added so your computer automatically locks when you are no longer in front of the screen.
The gold version adds features of which the most important are adapting face models under different lighting conditions and setting level of security / ease of access.
Installation of KeyLemon is easy: download the executable file from the supplier website, execute it and after running the installer you are ready to enroll and start using this application.
Overview of functionalities
The KeyLemon Control Center is clear regarding the different configuration options and functionalities which can be enabled. Instructions provided on the interface are sufficient to get you started quickly.
Creating a new face model (enroll) in KeyLemon.
- LemonLogin makes that you can login or unlock the system using face recognition, alternatively the dialog presented by KeyLemon still allows you to enter a password for login.
- LemonLock locks the session after a configurable period of inactivity, if it detects that you are no longer sitting in front of the computer.
- In the gold edition you can store multiple face models allowing face recognition in different lighting conditions. Without this option KeyLemon might have difficulty performing face recognition at night when your face model was created during the day time, or vice versa.
- In the gold edition you can configure the recognition accuracy (low – medium – high), a higher setting means it will be more difficult to fool the software but could also make it more difficult to perform valid logons.
- In the gold edition you can activate eye blink detection. During the logon process KeyLemon will ask to blink your eyes, this liveness check will make it more difficult for someone to logon using an image or video.
Configuration options specific for the gold edition.
Does it work?
Security, false acceptance rate
For testing security, false acceptance rate, I chose the following setup:
- recognition accuracy set to high
- eye blink detection activated and requiring 1 blinks
I succeeded very quickly to fool KeyLemon. With only a picture of the subject, a bit of editing in Microsoft Paint and a smartphone I completed this hack of KeyLemon. See for yourself in the video below.
General useability, false rejection rate
For the purpose of this review I have created 7 face models in KeyLemon at different light conditions. The computer I used for the tests is installed close to a window on the south side, so light conditions vary a lot.
To test the false rejection rate, I chose a maxed out setup:
- recognition accuracy set to high
- eye blink detection activated and requiring 3 blinks
- limit the time for login to 10 seconds
During my first test with this setup, the logon screen of KeyLemon crashed. After a reboot, the logon using 3 blinks of both eyes worked fine. Later on I had one similar crash in which the KeyLemon logon screen just froze and I had to logon using my password.
With the exception of the two crashes I had little difficulty logging on to my computer.
A disadvantage of the software is that you can have no separate configuration settings for individual users. Any user can change the security settings of KeyLemon and this will affect all user accounts using the software. My 7 year old son changed the number of eye blinks to ‘1’ on his own account, this also affected the logon process of my own account.
KeyLemon is not secure. Even at its highest face recognition accuracy settings it provides less security than a password. This face recognition software has a high False Acceptance Rate, it is easy to hack by anyone having only basic photo editing skills. The current liveness checks in KeyLemon are insufficient to detect the use of videos or photographs