This paper presents an experiment designed to test the resilience of several user verification systems based on face recognition technology against simple identity spoofing methods, such as trying to gain access to the system by using mobile camera shots of the users, their ID cards, or social media photos of them that are available online. We also aim at identifying the compression threshold above which a photo can be used to gain access to the system. Four major user verification tools were tested: Keyemon and Luxand Blink on Windows and Android Face Unlock and FaceLock on Android. The results show all tested systems to be vulnerable to even very crude attacks, indicating that the technology is not ready yet for adoption in applications where security rather than user convenience is the main concern
