This page describes the various ways in which Wink Login can authenticate a returning user

For a user that has an existing Wink account, the Wink Login service performs a multi-factor authentication (MFA) of such a user by utilizing device authentication, face authentication and voice authentication if required. The simplest of this process is a case where a returning user can be authenticated and recognized on the same device that they performed the enrollment process.

Fast Login (Authentication using Device + Face)

Fast Login is available to a returning user on the same device that was used by that user for enrollment.

MFA Step 1: Welcome Screen and device authentication

The Wink Login SDK will welcome this user by first name and invite the user to click on “Continue” to proceed.

Please note that the successful identification of the user firstname in this screen represents the step of “successful device authentication” as 1st factor of the MFA process of Wink Login. This means that the user with the given first name has this particular device registered in their Wink biometric profile and Wink was able to successfully authenticate the device.

Please note that Wink Login allows the same device to be registered for multiple users ( in a family or corporate setting ). Since there are no usernames in Wink Login, the “Not ” link acts as a way to switch users on that device. Clicking this link will direct the additional user of this device to an enrollment experience as described in the Enrollment chapter above.

MFA Step 2: Facial Recognition

Clicking on continue will launch the facial capture screen as the 2nd factor of the multi-factor authentication process.

The screen allows for a 2 second timer for the user to appear in the square camera window. Once the timer reaches 0, the facial recognition process will begin and the user will see an activity indicator ( Wink semicolon logo animation ).

NO LIVENESS DETECTION is performed in this screen since the user’s device was successfully authenticated in MFA Step 1 of this process. Hence in this version of Wink Login, a user can their own “selfie” or “recorded video”. However, if someone else’s picture is shown in this step, it will fail as that user will not be authenticated or “allowed user” of this device”.

MFA Result of Fast Login

Upon completion of the Facial Authentication at the Wink Login back-end a user will be successfully recognized via Fast Login if and only if the following criteria are met
a. User Device is authenticated ( this is the same device that the user has previously performed enrollment and successful facial liveness detection )
b. User face is successfully matched with >90% confidence with a Wink ID that is associated with the authenticated Device.

If the above criteria are not met, the user will be invited to Retry and will be presented with a RED bar around the face capture window and Retry option.

Clicking the Retry button will launch a 2nd attempt for Wink Login MFA which will automatically request voice authentication also. This process is known as Normal Login.

Normal Login (Authentication using Face+Voice)

Most commonly, this situation occurs in the situation when an existing user wants to access Wink on someone else's device.

This situation can occur in 3 additional cases: 1) Device Authentication failed in MFA Step 1 ( user sees “Hi Guest” instead of “Hi ” in that step ) or 2) Face Authentication failed to achieve 90% confidence in MFA Step 2 ( covered face, low light, face blocked or such situations ) or 3) the Wink ID linked with the presented face in Step 2 didn’t match with the Wink ID linked with the authenticated device in Step 1.
In this situation, Wink Login SDK will prompt the user to perform both a face verification and a voice verification.
User will first see a prompt for a 10 second timer followed by a sentence to read.

MFA Step 3: Voice Verification with Liveness Detection

In this step the user is expected to loudly read the shown sentence with clear and loud inclusion of the 3-4 digit number included in the text. This allows Wink Login to prevent from replayed recorded or AI generated audio to be presented successfully since the random number is new in every attempt.

Normal Login will succeed if:
a) User’s presented face is matched with >90% confidence with the device authenticated in Step 1 OR
b) User’s presented face and voice are both matched with >90% confidence to the same WinkID

Just like in the case of Fast Login, if the above criteria are not met, the user will be invited to Retry and will be presented with a RED bar around the face capture window and Retry option.

While most users are expected to be able to login with the Fast or Normal Login steps above, there might be situations where neither face or voice can be presented clearly by the user owing to situations beyond user control ( logging in while being in a crowded dimly lit restaurant for example ). See Special Yellow Case section for more information on these rare cases.

What’s Next

If the above criteria are met successfully, the user will skip the following steps and will be taken to the final step ( see MFA Success )