Actually even the Fedora package's specfile only says Python 3, so I'm not sure why the README says that it still needs Python 2.

Edit: Okay, the explanation is in this commit message: https://github.com/boltgolt/howdy/commit/305e42fc79ef38f66c5... . The dep on Python 2 is from Fedora's PAM module package, not from howdy itself. On OpenSUSE the corresponding PAM module package depends on Python 3 already.

You can also enable "rubberstamps" which require an action from you like nodding yes to confirm authentication and making it harder to fool. As noted in the readme though, Howdy is never going to be 100% secure

That said, without the depth reconstruction, I do agree that this is nowhere close to Windows Hello's features. That's not the devs' fault (that kind of mostly-secure facial recognition is very hard) but I also don't think the comparison is apt. But who knows, if this project gains popularity, maybe in the future that kind of thing becomes possible.

This is more akin to Android's facial recognition, except for using the IR camera. Which is still acceptable for plenty of people. After all, many fingerprint readers on Linux share similar risks and are often regarded as secure enough. I think the availability of this project, even if it's nowhere near Windows Hello's standards, is a great addition to many Linux desktops, as long as their users understand the limitations.

As for the plaintext, Linux doesn't really have a secure storage mechanism (even the standard secrets API is easy to fool) so obfuscating the facial features doesn't really serve a purpose. As long as your disk is encrypted, I don't think that's a risk (and if it isn't, whoever is looking at your laptop can just browse through your photo albums anyway).