It's not that bad
OK, it's not a military grade authentication... but more than enough in a home environment. Also, I'm reading shit about 2d vs. 3d and the such. Guys, you don't know the state of the art of face recognition, as it seems:
1) Lenovo engineers aren't quite as stupid as you think. Of course, the dumb 'Hey, let's wave a photo in front of the webcam' was tested. It doesn't fool the system. WTF, it was the first thing they tested.
2) The biometrics authentication systems in commercial laptops are toys. IPhoto (which admittedly, is a toy too) after a dozen of training photos or so, can recognize someone in a timespan of all the person's life. So aging, accidents and all that crap is a moot point.
3) In fact, recent systems are better at recognizing humans than humans themselves. They can distinguish identical twins better than humans. And, let's face it, *any* id system, in the end, goes down to biometrics: a policeman or government officer certifying, looking at ID's photos, fingerprints... that someone is who he claims.
As an example, in Spain you can get a government X509 certificate that for all purposes is as valid as a written signature. You go to the police, hand them you ID card, and here you are. But, wait a minute, isn't the police officer looking at your photo to authenticate you? Isn't your office boss lookng at you to assign you a system password? Have I mentioned that the newest systems are better than humans at recognizing humans? If you ask me, I think that this is a very promising field.
BTW, I don't get what those folks did to cheat the machine. I simply don't believe they bruteforced the webcam waving photos at it. And if they circumvented the wecam... c'mon, the whole thing is more than flawed.