Apple’s iPhone X announcement brought with it a number of new frontiers (ARKit-friendly front camera, neural processing chips in a phone, and of course, the much-discussed notch!), but the change that will prove most immediately relevant to users is the phone’s new Face ID authentication technology.
Once the iPhone X learns your face (yes, learns! Neural chip!), you’ll be able to simply look at your phone and it will unlock itself. At WillowTree, we’re already knee-deep in Apple’s documentation about Face ID. Here’s what we’ve been talking about in the office so far.
Face ID is far more secure than Touch ID
If Apple’s numbers are correct, Face ID will be 20 times more accurate and secure than the current standard of Touch ID, with a 1-in-1,000,000 chance of a false positive to Touch ID’s 1-in-50,000. Apple claims it can’t be fooled by beards, glasses, new hairstyles, hats, or, more importantly, a photograph. Apple has also promised that it will seamlessly replace Touch ID in all existing and future instances, so in theory, everything you use Touch ID for today will be safer tomorrow.
How it works
The idea of unlocking a device with your face is not new: both Samsung and Microsoft have implemented this technology in their systems. Apple just took that a few steps further to reduce the chance of a false positive. Face ID uses a depth camera to project over 30,000 invisible dots onto the user’s face. This creates a unique representation of your face that cannot be tricked with a photo or mask. Much like Touch ID, all facial data is protected by the Secure Enclave coprocessor in the phone’s chip.
Touch ID allows us to configure more than one finger for convenience and device sharing with other family members. Face ID will reportedly limit you to one face. So to share an iPhone X, you’ll have to give out your passcode. Not ideal.
You should still set a secure backup passcode
All that to say, you should still pick a secure passcode as a backup to unlock your device. In fact, as of iOS 11, Apple will require that you enter a passcode to trust an unknown computer, even when the phone is unlocked. This will provide an extra layer of protection when syncing your device with an unknown computer.
Ever since Apple revealed Touch ID, there have been concerns about risks to the privacy of the contents of your phone, and Face ID doesn’t exactly allay those fears. Can law enforcement (or anyone else, for that matter) force you to look at your phone to unlock it?
While it’s (hopefully) not something you’ll find yourself up against, Apple seems to have considered environments and instances of duress, building in a way to quickly disable Face or Touch ID by simply tapping the power button 5 times in a row. At that point, anyone trying to coerce you to grant access to your phone will be hard-pressed to break in. Even a four-digit passcode is incredibly tough to break, and they’ll only get 10 tries before they’re locked out. Of course, all of these claims have yet to be proven by a third party because the hardware is not out yet. In fact, we assume that there will be a swath of “Apple’s Face ID is broken!” headlines that security teams across the world will publish in the weeks and months after they get their hands on the phone.
What this research and these headlines will often leave out is that this security is purportedly better than Touch ID, which has become an industry-trusted standard. And for the everyday consumer, this is a big step forward where security meets convenience.
Still, it’s important to remember the reason we need improvements in security like Face ID in the first place: in the world of security, we’ve learned to expect that whatever new security measures we create, it’s only a matter of time until someone finds a way to crack them.
So again, while Face ID is still very exciting, set a secure passcode.