Apple Shares In-Depth Security Info on Face ID in New White Paper and Support Doc

[nofear1az]

He’s Right?
After 6,5 days and 4 hours of sleep both are met.

And what I'm reading into that is at a bare minimum after every 7 days rounded up, you will HAVE to put in your passcode at least once because you will be sleeping for more than 4 hours.

So, you've been using FaceID successfully all week long and by the end of the week after going to sleep for 8 hours and waking up to check the phone - you will be greeted by passcode screen. You haven't used the passcode in 6.5 days [check] because of FaceID AND you were sleeping for 8hrs [4hrs check] so that equals passcode screen. Not a good design if this is the case.

- The passcode hasn't been used to unlock the device in the last six and a half days and Face ID hasn't unlocked the device in the last 4 hours.

 

[flat five]

Only in about three instances I can think of, off the top of my head:

1. Shaving off a long or thick beard.... gradual hair growth will be recognized and adapted to. (What's on the top of your head is apparently less significant as illustrated by Apple's own info with the person suddenly wearing a headscarf.)

2. Major Plastic Surgery.... different facial features.

3. Wearing of glasses, dark enough to impede the flow of IR light.... in which case you'll have to take them off.

And in cases 1&2 which aren't exactly routine events, it's as simple as a quick re-setup.
Again, the accent is on 'major' in Apple's info.

i don't know, i read the bit about this a little differently :

Face ID, as Apple has said, adapts to changes in appearance, and the document gives a bit more info on that topic. If there is a major change in appearance, like the disappearance of a full beard or a significant haircut, Apple will require a passcode and then update the stored facial data accordingly once your identity is confirmed.
​

..if you shave a full beard, you don't have to reinitialize your faceID profile.. it will require a passcode to make sure it's you and if so, it will now know you've shaved your beard and won't prompt for passcode next time.. it learned your new look.

i assume-- it's still getting a majority positive read (like your eyes and nose).. but something is weird to it so it asks for passcode to clarify.

still guessing-- if you get a significant haircut and shave a full beard on the same day.. ie- multiple major changes at once.. it will maybe then require resetting the profile.

but point is, according to that blurb above, i think it's designed around being able to adapt to a change such as removal of full beard without requiring anything except a passcode from the user

?
[doublepost=1506570317][/doublepost]

And what I'm reading into that is at a bare minimum after every 7 days rounded up, you will HAVE to put in your passcode at least once because you will be sleeping for more than 4 hours.

So, you've been using FaceID successfully all week long and by the end of the week after going to sleep for 8 hours and waking up to check the phone - you will be greeted by passcode screen. You haven't used the passcode in 6.5 days [check] because of FaceID AND you were sleeping for 8hrs [4hrs check] so that equals passcode screen. Not a good design if this is the case.

huh?
it's been like this since iOS 9.
(well, it was originally 6days/8hrs instead of 6.5days/4hrs... but still, same deal)

and you've noticed it exactly how many times i wonder?

.

 

[nofear1az]

i don't know, i read the bit about this a little differently :

Face ID, as Apple has said, adapts to changes in appearance, and the document gives a bit more info on that topic. If there is a major change in appearance, like the disappearance of a full beard or a significant haircut, Apple will require a passcode and then update the stored facial data accordingly once your identity is confirmed.
​

..if you shave a full beard, you don't have to reinitialize your faceID profile.. it will require a passcode to make sure it's you and if so, it will now know you've shaved your beard and won't prompt for passcode next time.. it learned your new look.

i assume-- it's still getting a majority positive read (like your eyes and nose).. but something is weird to it so it asks for passcode to clarify.

still guessing-- if you get a significant haircut and shave a full beard on the same day.. ie- multiple major changes at once.. it will maybe then require resetting the profile.

but point is, according to that blurb above, i think it's designed around being able to adapt to a change such as removal of full beard.

?
[doublepost=1506570317][/doublepost]
huh?
it's been like this since iOS 9.
(well, it was originally 6days/8hrs instead of 6.5days/4hrs... but still, same deal)

and you've noticed it exactly how many times i wonder?

.

HUHHHHHH? !!!!! (I can only imagine your facial expression when you say it)

I wouldn't know, never used TouchID on iPhone. But if that doesn't bother you because it's Apple's norm then I guess whatever floats your boat. I find it kinda stupid. The whole point is to get away from entering in a passcode but like I said that doesn't bother you.

 

[flat five]

HUHHHHHH? !!!!! (I can only imagine your facial expression when you say it)

if i were to say that instead of type it, it would be more like "say what?"...
just like that.. not "SsAAassAAsYsY wHHHaATtt!!1?!"
srry.

I wouldn't know, never used TouchID on iPhone. But if that doesn't bother you because it's Apple's norm then I guess whatever floats your boat. I find it kinda stupid. The whole point is to get away from entering in a passcode but like I said that doesn't bother you.

??
if you don't enter a passcode at least once a week on your phone (assuming you have passcode lock enabled), for reasons other than this, then your phone has a higher chance of being lost or otherwise abandoned.. (or in the possession of someone you'd rather not be in possession of the phone)

entering a passcode at least once a week will prevent this from triggering.. and if it does trigger then you simply enter a passcode..

i mean, like you said.. it totally doesn't bother me to occasionally enter a passcode to unlock my phone..
(but it's also highly likely i've never entered a passcode due to this rule)

how do you unlock your phone? (assuming you have a phone).. how often do you enter a passcode? (assuming you have passcode protection enabled).. on a scale of 1-10, how bothersome is entering a passcode for you?

-----
you find it stupid, ok.. why do you think it's there? because you're talking the talk ala it's an arbitrary rule made by Apple to make their sheep suffer.. is that your only analysis or can you see other reasoning why it acts like that>

 

[BvizioN]

The ignorant one is you, as said many times, if that was the case it would have asked on the first try, not the second.

For the ones who are not blind, that’s what happened.
Back to specsevers now.......

 

[macs4nw]

.....but point is, according to that blurb above, i think it's designed around being able to adapt to a change such as removal of full beard without requiring anything except a passcode from the user?.....

Correct.... the way I understood anyway. My mistake, I did not specifically mention that.

 

[nofear1az]

if i were to say that instead of type it, it would be more like "say what?"...
just like that.. not "SsAAassAAsYsY wHHHaATtt!!1?!"
srry.


??
if you don't enter a passcode at least once a week on your phone (assuming you have passcode lock enabled), for reasons other than this, then your phone has a higher chance of being lost or otherwise abandoned.. (or in the possession of someone you'd rather not be in possession of the phone)

entering a passcode at least once a week will prevent this from triggering.. and if it does trigger then you simply enter a passcode..

i mean, like you said.. it totally doesn't bother me to occasionally enter a passcode to unlock my phone..
(but it's also highly likely i've never entered a passcode due to this rule)

how do you unlock your phone? (assuming you have a phone).. how often do you enter a passcode? (assuming you have passcode protection enabled).. on a scale of 1-10, how bothersome is entering a passcode for you?

-----
you find it stupid, ok.. why do you think it's there? because you're talking the talk ala it's an arbitrary rule made by Apple to make their sheep suffer.. is that your only analysis or can you see other reasoning why it acts like that>

okkkkkkay!

Maybe I just don't get it, how does entering your passcode in once a week make your phone more secure or not abandoned if you are already relying on TouchID? If you are using TouchID for authentication why do you need to put in the passcode once a week to remind the phone yes that is still your touch touching you.

We, my family are previous iPhone users (I am refraining from saying which kind to not set anyone off) and they do not have this weekly passcode requirement to remind the phone that it should not have abandonment issues. That's the whole point of TouchID so you don't need to use the passcode. There is a certain number point of times that if you were required to enter in your passcode say like a 40/60 threshold that you would simple reject using TouchID altogether and just use the passcode all the time for simple effectiveness. Obviously, Apple has NOT reached this threshold so it's not a problem.

Now, when you start throwing in such cliche words as 'sheep' or even the 'sheeple' I know where this is going to ultimately lead to but do note that your forward assumptions would be so wrong about me. I am not an Apple basher or hater, I just stated an opinion about a feature I felt was kinda stupid or a bad design. It was a totally off the cuff moment and didn't realize it was going to hit people with such affliction. My bad!

 

[macfacts]

Face ID never failed during the event. It did exactly what it was supposed to do, and revert to a passcode option because others handled the iPhone before Craig did, which locked him out. The only thing that failed was the actual demo to the audience, not Face ID itself.

So what you're saying is that those people were holding the iPhone incorrectly while setting up the stage?

 

[miniyou64]

I believe you posted the exact same thing with the release of TouchID and the iPhone 5s. Was that you?

No as a matter fact Touch ID is infinitely more secure in a number of ways that Fave ID, by nature isn’t.

 

[Looney01]

Well, you're going to be waiting for the rest of your days. Whatever the state of development currently, the bigger idea of Face ID, I'd imagine, will be to remove the idea of "unlocking" entirely, and simply have a continuous verification of the user. So, if someone unlocks your phone, in whatever way, the phone will quickly recognize that it's not the correct user, and just lock again. Apple isn't trying to "sell" you on the idea that it's better; it simply is better...

I like what you’re saying! Perfect solution to security problem is FaceID is always on scanning your face. No matter who steals your phone even while unlocked, the moment FaceID detects a different user it locks.

Would be a blow to battery life but I’m sure they could come up with a solution to that.

Guess that will be the feature in the iPhone Xs/iphone XI whatever they call it.

 

[DeepIn2U]

It failed. People have dissected the video with a lot of scrutiny, you can see that it tries to read his face twice and fails. Did you really think Apple would come out and admit it?

And now it seems Apple has increased the number of FaceID failure attempts from 2, now to 5!

I wonder why? Lol maybe Craig was loosing hair over failed attempts and well wouldn’t look the same for the next Apple presentation

 

[macs4nw]

xx

 

[symphara]

i'm pretty sure touchID has the same conditions.

Sounds like bad user experience. I very rarely put in the password on my phone - basically, only when I reboot it.

I'm still waiting to see it in person, but by the looks of it, the odds of me buying the iPhone X are extremely slim and getting slimmer.
[doublepost=1506585384][/doublepost]

So you've used FaceID and can confirm it's subpar compared to TouchID? I didn't know the public had access to test FaceID yet! Can you please explain more about your experiences with FaceID? I'm really keen to hear what it's like, and you don't sound like the type of person who would judge a technology before you've used it

I carefully watched the presentation and all the clips posted online with people using it, when they were allowed time with the X, and for sure FaceID is an inferior solution that also feels half-baked to me. Like Plan B - they couldn't do the in-glass sensor and they had to have something.

With the fingerprint reader, I have the phone unlocked by the time I look at it. Unlocking is seamlessly integrated with the gesture of picking it up. When I look at my phone I'm already in the home screen.

With FaceID, you need to pick it up and look at it to unlock it. You have to interact with the lock screen, which is something I don't do now. It's just slower and less convenient.

 

[macs4nw]

So what you're saying is that those people were holding the iPhone incorrectly while setting up the stage?

You can make light of this but it could've simply just been staff members fawning over it last-minute, and unwittingly using up the number of FaceID mismatches allowed. All in all, a minor snafu that's been widely misinterpreted by the media and the public at large, and blown out of proportion by a lack of knowledge by the suddenly plentiful critics.

It's actually a neat way to get confirmation someone has been fiddling with your phone in a moment of inattention on your part.

 

[roeiz]

most of you guys seems to be afraid of the future...
this will be the future soon so it will be perfected in a couple of years.
either accept it or stay back with the horse carriage
your choice if you wanna be the 1st gen or not.
all those security issues and fails are nonsense atm.

 

[symphara]

most of you guys seems to be afraid of the future...
this will be the future soon so it will be perfected in a couple of years.
either accept it or stay back with the horse carriage
your choice if you wanna be the 1st gen or not.
all those security issues and fails are nonsense atm.

That's not it at all.

If the "future" was something more convenient than the current state-of-the-art, I'd be all for it. Under glass fingerprint sensors or whatever they can think of.

Face scanning is just less convenient than the existing unlock method. This is as clear as daylight. It requires a longer and more complex interaction with the phone, just to unlock it.

And what do you mean by "perfect it"? That it would unlock the phone when I'm simply around, instead of me lifting it and looking at it?

First thing, I don't actually want this, I want to decide for myself when to unlock my phone, not the phone to make this decision. Secondly, I can already do this today, I wear a smartwatch and I can set it as trusted Bluetooth device on the phone, so the phone is unlocked when it's around me. I don't use this feature precisely because I want to have control over the unlock.

This is not "the future", it's just a speed bump on the road, and I guess once they manage to do the under-glass fingerprint sensor it will become roadkill.

 

[roeiz]

That's not it at all.

If the "future" was something more convenient than the current state-of-the-art, I'd be all for it. Under glass fingerprint sensors or whatever they can think of.

Face scanning is just less convenient than the existing unlock method. This is as clear as daylight. It requires a longer and more complex interaction with the phone, just to unlock it.

And what do you mean by "perfect it"? That it would unlock the phone when I'm simply around, instead of me lifting it and looking at it?

First thing, I don't actually want this, I want to decide for myself when to unlock my phone, not the phone to make this decision. Secondly, I can already do this today, I wear a smartwatch and I can set it as trusted Bluetooth device on the phone, so the phone is unlocked when it's around me. I don't use this feature precisely because I want to have control over the unlock.

This is not "the future", it's just a speed bump on the road, and I guess once they manage to do the under-glass fingerprint sensor it will become roadkill.

i think face rec. will be the future, or eye scanner etc.
but not fingerprint. this just seems dated (for the future)
i DO think they will come up with refining the quickness and make it really efficient.
or maybe i'm wrong

 

[Abazigal]

Reference?

Logic.

If you have two ways of unlocking your phone and include both, then your phone is only as secure as your least secure method of unlocking, which in this case is Touch ID. Since face ID is being positioned as being way more secure, there is no reason to include a less secure method.

It’s like arguing that your door should have a less secure lock that you can use as a backup should you lose the key to your main lock. Such a move would only weaken the overall security of your house, and make the more secure lock redundant.

 

[kdarling]

Maybe I just don't get it, how does entering your passcode in once a week make your phone more secure or not abandoned if you are already relying on TouchID? If you are using TouchID for authentication why do you need to put in the passcode once a week to remind the phone yes that is still your touch touching you.

I think Apple is just hedging their bets, because TouchId is easy to fool if someone really wants.

Heck, even a slow person can make a counterfeit fingerprint in a few days that will unlock TouchId (if they have a good source print). A fast person can do it in hours.

So by building in the passcode timeout ahead of time, I think they hope to prevent a widespread catastrophe if, say, someone started selling a super cheap 3D printer with the option to scan fingerprints and make duplicates.

It's just the smart thing to do.

 

[kdarling]

"Atennagate", a tempest in a teapot invented on rumour sites because it was great click-bait but it didn't effect the vast majority of users of the iPhone 4 nor sales.

Thank you for proving that people often only remember the sound bites that Apple wants them to. Your comments are a perfect example:

Why? It is worth noting that other phones had attenuated signals when held in specific ways and other phones bent, but those stories don't get the clicks or the vitriol of readers going, do they?

Other phones did not drop calls by placing only a pinky over one tiny spot, like the iPhone 4 could. You're comparing full hand death grips with a tiny touch, just as Jobs hoped you would.

In reality, Anandtech found from their tests that just putting it in your hand caused a 20dB drop in signal. The previous model, the 3GS, only dropped 2dB in the same situation. That means the iPhone 4 had twenty times the signal drop of the 3GS when held the same way.

As Anandtech put it:

"The main downside to the iPhone 4 is the obvious lapse in Apple's engineering judgment. The fact that Apple didn't have the foresight to coat the stainless steel antenna band with even a fraction of an ounce worth of non-conductive material either tells us that Apple doesn't care or that it simply doesn't test thoroughly enough."

http://www.anandtech.com/show/3794/the-iphone-4-review/16

As we found out, it was the latter. The fact that field testers had to use cases to camouflage the new phones, meant they never experienced the naked phone dropouts.

And that's just one part of his verbal deflection. Jobs also stated that the design error "only" increased dropped call rates by 1%. The thing was, AT&T had recently released figures (despite what Jobs said) saying the previous rate was only around 1%. So it apparently had almost double the normal drop out rate. But Apple cleverly avoided such a comparison by only giving a number that sounded small. Again, not a lie, but not the whole truth either.

So you have used two of the biggest hoax stories to accuse others of dishonesty. Nice.

Nope, I used two of the biggest examples of Apple handwaving to demonstrate how clever they are with PR, and how easy it is to fool most listeners.

You're the one stating that such actions equate to dishonesty.

 

[iShater]

So you've used FaceID and can confirm it's subpar compared to TouchID? I didn't know the public had access to test FaceID yet! Can you please explain more about your experiences with FaceID? I'm really keen to hear what it's like, and you don't sound like the type of person who would judge a technology before you've used it

No I have not. But I like the freedom you get with TouchId to add multiple access to the phone. I am not sure how I feel at 5AM having to "give attention" to the phone to unlock it vs. doing it when my face is half under the covers

 

[gaximus]

Logic.

If you have two ways of unlocking your phone and include both, then your phone is only as secure as your least secure method of unlocking, which in this case is Touch ID. Since face ID is being positioned as being way more secure, there is no reason to include a less secure method.

It’s like arguing that your door should have a less secure lock that you can use as a backup should you lose the key to your main lock. Such a move would only weaken the overall security of your house, and make the more secure lock redundant.

I was asking for a reference on why the statement "Because Apple couldn't figure out in time how to put the TouchID sensor under the screen." was "Not true",

Your reply states that Apple chose to go with just the FaceID over FaceID and TouchID, which makes since, but totally missed what I was asking for.

 

[Websnapx2]

Am I the only one who read this line?

"If there is a major change in appearance, like the disappearance of a full beard or a significant haircut, Apple will require a passcode and then update the stored facial data accordingly once your identity is confirmed."

So your telling me you'll have to do the facial recognition setup often?

How often do you shave off a full beard or cut your hair significantly different? Most aren't able to grow those very quickly to get anywhere near a "significant" change.

 

[nofear1az]

I think Apple is just hedging their bets, because TouchId is easy to fool if someone really wants.

Heck, even a slow person can make a counterfeit fingerprint in a few days that will unlock TouchId (if they have a good source print). A fast person can do it in hours.

So by building in the passcode timeout ahead of time, I think they hope to prevent a widespread catastrophe if, say, someone started selling a super cheap 3D printer with the option to scan fingerprints and make duplicates.

It's just the smart thing to do.

Thank you for answering, that makes sense.

 

[Tech198]

Heck, even a slow person can make a counterfeit fingerprint in a few days that will unlock TouchId (if they have a good source print). A fast person can do it in hours.

The stray of "easy to fool" should be no interpretation of it being not secure.

Who exactly would have my phone for a few hours to even try ? Police aren't gonna go to that extreme, but criminals might.

Secure enough.....