At the same time, the system needs to be judged as to whether it's secure or not, not whether it's the best possible implementation of FaceID or not. After all, something like a fingerprint reader on the back is a valid alternative.
At the end of the day, a system where it's likely you'll find someone who can unlock it isn't very secure.
For a consumer, it's fine -- way better than the bullshit passwords that people use.
Once you start getting into higher security areas, you still need multiple identity factors to authenticate people. I'd guess that a bigger potential risk factor for systems like FaceID is intent -- entry of a passcode or fingerprint being placed on a button is a more explicit expression of intent as opposed to glancing at a device.
The point of the article is that many people are complaining about FaceID's security in abstract. The alternatives, like the relatively common 'no password' or '123456 pin' are much LESS secure than FaceID.
The other arguments people are making tend to be very fanciful scenarios that don't apply to normal people (state actors, high quality makeup shops with a perfect face mold of your face, etc).
It may not be perfect but like TouchID it's probably way better than the alternative.
This discussion arises because we collectively wish for a completely secure (as in does not unlock unless you want it to) yet near-instant unlock mechanism.
It's not that OP worries they might be doing something sketchy enough that law enforcement would go through those lengths. The issue is that Face ID's difficulty to crack is a function of time, not knowledge. Thus, it is not the holy grail we seek, and if you have anything of interest on your phone, whether political, corporate or just illegal, it's not even an option if you wish to secure your system.
In terms of security vs convenience though, I'm not going to enter a decent passphrase into my phone many times per day. A short passcode can trivially be shoulder-surfed, so FaceID is still better security than what I otherwise would be using, even if it's not perfect. The convenience also lets me have more apps individually locked, meaning I can hand an unlocked device to someone knowing they still have somewhat limited access.
I'm not pleased with the security aspect of face id though. I get that touch id is not highly secure either, but I'm more confident in it and it does not require looking at a phone to unlock.
I strongly disagree. Bad security is worse than no security. It's better to disable FaceID when the security of the system has been breached rather than to limp on regardless.
The flaw with this list is that it treats all risks as equally likely and does not distinguish between various threat landscapes.
Few people are high value enough to merit the effort required to capture a face from CCTV, generate a mask from the image, get physical access to their device, and use the mask to unlock. So for almost everyone, faceid is fine.
That's a super interesting thought. Face ID is a bit of a black box. Though I'm not trying to defend it to death, I can imagine it's better than all of the face scanners before it but far from super secure.
You're wrong to say that the element of security it provides is low because, even with this workaround, you still don't have access to the data on the device. All this "workaround" does is keep the chain of trust from the original device. You'd still need to be able to unlock the device in order to get anything from it. It doesn't reset the FaceID information or bypass it in any way.
Oh oops, I didn't read carefully enough. Regardless, I think if you're interested in real security, both TouchID and FaceID are terrible (easy to use your body, by force if necessary, to bypass those), and passcode is the only secure option. FaceID and TouchID are just conveniences not affordable to those who have something to lose.
Cool that they took the time to explore the limits of it, but FaceID is about convenience with security, not maximum security. Having physical access to the phone is still required, which is a pretty big obstacle for this kind of attack.
There is also a quick button squeeze you can do that requires passcode for the next unlock, so you can do that before you go to bed if you're really afraid someone is going to gain physical access to your device.
There's surprising support here for the faceid stuff, despite the fact that it's clearly made to normalize using biometric data for everything and make one step towards the surveillance state. But let's pretend we are more concerned with security of this approach: how is it better than a ring with a chip you'd wear and use for auth? If this identity is compromised, you could just get another ring. And you wouldn't need to give your real identity to apple.
I agree but keep in mind that this same principle applies to TouchID, which is what FaceID is replacing. FaceID is so much better than TouchID in so many aspects. Fewer false positives, it works even if your fingers are wet, and it's a natural behavior to look at the screen.
Both TouchID and FaceID are trying to protect from a complete stranger. I know that with FaceID (if it does exactly what the video suggests) it will be a harder challenge to unlock.
This seems like a silly way to think about FaceID. You’d need 1000+ people to all try their faces on each other’s 1000+ phones to get the 50% chance of unlocking. That’s not the scenario biometric authentication is built for, which is why the phone would require a password after 5 failed attempts.
I'm comfortable with Apple implementing biometric authentication, for convenience, because I trust them to let me retain control over my data. FaceID data doesn't leave the secure enclave.
The For Convenience part is essential: FaceID is a liability to security. It improves usability of the security, which means people will actually use it, but it does not improve the security itself.
It does mean that you can use a longer passcode (encryption key) because you only need to enter it on reboot and after enough negatives. (You can also squeeze both top buttons to disable FaceID)
Personally I feel FaceID is a step backwards from fingerprint readers. It doesn't work as often for me (facial hair, hat, lighting, hoodie, and sometimes it's just finicky) and there are privacy concerns. The fingerprint reader isn't perfect, but for me it was better. I can touch it while pulling the phone out of my pocket and it's unlocked when I open it.
I'm frustrated with Google's choice to copy Apple and remove this feature from the Pixel 4. It's literally the only reason I'm not buying one.