The average person has 27 distinct passwords, and it’s hard to keep track of them all. That’s why companies like Uber and MasterCard are trying a new kind of password you can’t forget: selfies. Advances in facial recognition software are what’s making selfie passwords possible. Here’s how they work: A company asks a user to snap a selfie, which it stores. Then every time a user makes a purchase, the app asks for another selfie for comparison. If the thousands of distinct traits in the photos match, the identity is verified. But the technology isn’t perfect; poor lighting can thwart the software, and hackers may find biometric data easier to manipulate than alphanumeric passwords, which are constantly updated. “There is nothing safer about” a selfie password, Marc Goodman, a security consultant, told The Wall Street Journal, “except it rules out the challenges of password management.”