Touch ID is fine for security. I don’t doubt that Face ID is also very secure, but it still seems to me that Touch ID is quicker, easier and more convenient. Face ID seems to be a solution to something that’s not a problem.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
10-Year-Old Unlocks Face ID on His Mother's iPhone X as Questionable Mask Spoofing Surfaces
- Thread starter MacRumors
- Start date
- Sort by reaction score
Touch ID is fine for security. I don’t doubt that Face ID is also very secure, but it still seems to me that Touch ID is quicker, easier and more convenient. Face ID seems to be a solution to something that’s not a problem.
Again, Samsung already has this, just like they had Face ID first.Apple better be working on IrisID
Whats not to say that his face was not enrolled in Face ID. You can add more than 1 face. If she had deleted her face and there was nothing in face ID, then given the phone to him, it probably would not have unlocked.
Some Taiwanese tech CEO has commented how Apple is building big data with FaceID so that retailers can offer you a subscription of lenses if you wear glasses or a trimmer if you start growing a beard.
So essentially you pay a handsome amount of $$ to be a data contributor for Apple. How is that for a feel-good story?
So essentially you pay a handsome amount of $$ to be a data contributor for Apple. How is that for a feel-good story?
Didn't know that. I usually setup a finger per profile for a total of 4 for both hands.
This is the most important post in the entire thread. Apple switching to Face ID eliminates the battles and lawsuits with governments over unlocking devices upon request.
Apple can’t see the faceid data. It is cryptographically hashed and stored on the device and never leaves it.
[doublepost=1510802923][/doublepost]
How do? Police can compel you to touch the device just as easily as they can compel you to look at the device.
MacRumors said:
Sorry editor, that not what the security paper is stating. The paper is referring to when the owner of the phone is under 13. It's clearly saying that Face ID cannot create a unique enough "key" mapping of the person's visage when "distinct facial features may not have fully developed". It's easier for other people of similar age to unlock the phone -- because they will look similar to the owner at that age. Just like how people say "all babies look alike".
The owner of the phone was the child's mom, and her distinct facial features that are supposed to keep the phone locked. Face ID failed because, honestly, this kid is really the spitting image of his mom, and Face ID can't be strict enough to tell the two apart, but lax enough allow his mom to successfully use the feature with
- hats on heads
- scarves around or covering lower faces
- sunglasses
- etc that Apple advertises it will.
I'd like to still have TouchID as an option, for both security and health reasons. I tried the iris scanner on my Galaxy S8+, but I had to turn it off rather quickly as it was causing discomfort in my eyes. So I'm not completely sure if I want to have the FaceID camera bombarding my face and especially eyes with IR a hundred times a day and while I might be able to live with unlocking the phone with the PIN code, authenticating to all the apps that I now do with TouchID would be too tough to lose. So currently I'm not rushing out to spend well over 1000€ on a phone where the only biometric authentication option might not work for me.
Personally, if I was going to use such fast biometric unlocking, I'd want to have both Face and Touch. Requiring both fingerprint and face match.
The likelyhood of a person matching both my face and fingerprint accidentally would be externally low. Even identical twins wouldn't match up that well.
For nefarious hackery, it would have to successfully replicate both inputs within the allowable window. Possible, but chances of failure to force the typed password entry. Of course if you've lost physical access to your device you've kinda lost the security fight on most levels.
The likelyhood of a person matching both my face and fingerprint accidentally would be externally low. Even identical twins wouldn't match up that well.
For nefarious hackery, it would have to successfully replicate both inputs within the allowable window. Possible, but chances of failure to force the typed password entry. Of course if you've lost physical access to your device you've kinda lost the security fight on most levels.
Where in my original post did I claim Samsung wasn’t the first with Iris scanning? All I said was that I hope Apple is working on IrisID, not once did I claim Apple would be the first with this.
Last edited:
Unfortunately, that's still not good enough. Can someone reassure me that the data will NEVER be used for any other purpose than unlocking the phone?
Not NEVER, since it's already being used for more than that. It's also used to authenticate who you are by some apps...
The face is not stored. For that data to be useful it would need to be detected by similar hardware and analyzed by similar software.
So, Never? No. Incredibly unlikely? yes.
My iPhone X won't unlock with my 11 year old son's face. We tried it over and over again.
[doublepost=1510862907][/doublepost]
I don't know that that is an excuse... but I agree they look very similar.
[doublepost=1510862907][/doublepost]
I don't know that that is an excuse... but I agree they look very similar.
Not hard at all. Touch ID is fantastic, but Face ID is even easier as you don't even have to think about it.
Perhaps I should rephrase to "reassure me...never used for any other purpose than authentication".
The insight into big data is a plausible reason behind the change. This will help with Apple's ambition in the augmented reality space too. It's about connecting the dots and now the dots are connected.
It will only be used for on-device authentication because the data you are concerned about - raw data about your face - doesn't exist. What exists is a CRYPTOGRAPHIC HASH of the data. When you authenticate, it hashes the new image and compares the two hashes. Cryptographic hashes are one-way functions - you cannot use the hashed value to recreate the face.
[doublepost=1510867635][/doublepost]
I should also point out it is impossible for software to access the hash- the hashed values are stored and compared in the secure element which cannot be accessed by the CPU. Instead, the CPU provides a new image to the element when you authenticate, and all the work is done by the secure element which just provides a "yeah it matches" or "no it doesn't" value back to the CPU. The CPU doesn't know the key, the hashed result, etc.
People have been stealing and breaking into things since the dawn of time. I can brick my phone the moment it's stolen so why does this matter? Still someone has to go through an incredible ordeal to bypass the security of face recognition. Did anyone consider that face recognition may not have been activated? It's easy to add a wallpaper that makes the phone appear locked and then without seeing the screen action pretend it was magically unlocked. Really how dumb can you be? Anything to bring the stock price down. How much is Samsung paying these trolls?
Last edited:
