How UCL Computer Science researchers solved authentication for millions without a single password

The challenge

For decades, digital authentication has frustrated users and security experts alike. Traditional username-password systems place an impossible burden on human memory, while stronger security measures often create barriers that people simply won't use. 

UCL Computer Science's Professor Angela Sasse identified this fundamental problem in her pivotal 1999 paper "Users are not the enemy", but solving it required rethinking authentication entirely.

The challenge was stark: organisations needed watertight identity verification for everything from border crossings to banking, but existing solutions forced users to jump through hoops or remember countless passwords. 

Many people simply gave up, choosing weak passwords or avoiding secure systems altogether. The assumption that stronger security meant worse usability seemed unshakeable.

The breakthrough

When iProov's founder approached Professor Sasse in 2011 with an idea for spoof-proof face verification, she immediately saw both the potential and the pitfalls. Working alongside UCL Computer Science's Professor Lewis Griffin and his PhD student Andrew Newell, who later became iProov's Chief Scientific Officer, the team spent years developing a system that demolished the usability-security trade-off.

The breakthrough came from applying usability constraints from day one, rather than bolting them on later. Sasse's team conducted extensive user acceptance studies and field trials, including hiring a bus full of volunteers to test border crossing scenarios in South London. They discovered that people would accept strong identity verification, but only if it felt effortless.

The result was a face authentication system that works with any built-in camera and provides government-grade security in seconds. Unlike traditional biometrics that store templates, iProov's approach verifies users are real people, present at that moment – making it virtually impossible to spoof with photos, videos or masks.

 Real-world impact

Today, iProov protects millions of users worldwide with authentication so simple it feels almost invisible. Several governments rely on the system for critical functions, including UK and US border security, Singapore’s citizen authentication, and EU national enrollment in the UK. When you cross borders via Eurostar, there's a good chance iProov is verifying your identity against your travel documents.

The commercial impact has been equally transformative. Microsoft has built iProov into its enterprise platform, making strong face authentication available to any organisation using Microsoft 365. A number of banks now use the system for both customer onboarding and routine transactions, eliminating the need for people to visit branches or remember multiple passwords.

The strongest validation comes from governments choosing iProov for their most sensitive applications – including US-Canada border crossings where security and speed are equally critical.

What makes this particularly significant is the 14-year collaboration between UCL Computer Science and iProov. This isn't a case of research sitting on university shelves – Sasse and her team have provided ongoing scientific rigour, testing and academic insight that continues to strengthen the product. Recent coverage in the Financial Times highlighted how this sustained partnership between academia and industry creates lasting impact.

The system has fundamentally changed how organisations think about authentication. By proving that the strongest security can also be the easiest to use, UCL Computer Science's research has influenced an entire industry now racing to eliminate passwords entirely.

Additional information