iPhone X FaceID is not really more secure!

Discussion in 'iPhone' started by Pagemakers, Mar 9, 2018.

  1. Pagemakers macrumors 68020

    Pagemakers

    Joined:
    Mar 28, 2008
    Location:
    Manchester UK
    #1
    Face ID is supposed to be more secure than Touch ID.

    It’s not.

    In fact it’s no more secure than a 4 digit code.

    Here’s how...

    Pick up your mate's iPhone X. Try to authenticate using FaceID. You can’t. Now look what happens. You simply need to input their security code (could be 4 digits) to gain full access to the phone.

    Apple could make FaceID 2 a hundred times more secure in iOS 12 but if it falls back to a 4 digit code it’s irrelevant.

    Never thought about it until tonight when a mate demonstrated it to me in the local pub!!!
     
  2. lexvo macrumors 65816

    Joined:
    Nov 11, 2009
    Location:
    The Netherlands
    #2
    Why did your mate set a security code of only 4 digits?
     
  3. eyoungren macrumors Core

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    ten-zero-eleven-zero-zero by zero-two
    #3
    Hmmm. Good thing I'm still on a 6s+ using a 6 digit pin code then.
     
  4. CTHarrryH macrumors 68000

    Joined:
    Jul 4, 2012
    #4
    Weird comment - obviously there has to be a backup for faceid (or touchid) and if you only have a 4 digit code ..
    and if you know the code what do you expect?
     
  5. Newtons Apple macrumors Core

    Newtons Apple

    Joined:
    Mar 12, 2014
    Location:
    Jacksonville, Florida
    #5
    Yep, I am thinking my X is unsecured now and will toss in the garbage. 4 digit passcode, what was Apple thinking.
     
  6. Eggtastic macrumors 6502a

    Eggtastic

    Joined:
    Jun 9, 2009
    Location:
    NJ
  7. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #7
    It's amazing that one is able to access the secure iPhone, when one has been given the 4 digit code.
     
  8. noobinator macrumors 603

    noobinator

    Joined:
    Jun 19, 2009
    Location:
    Pasadena, CA
    #8
    Thanks Captain Obvious for letting us know you can get into your mates phone if they provide you their 4 digit PIN.
     
  9. MacDawg macrumors Core

    MacDawg

    Joined:
    Mar 20, 2004
    Location:
    "Between the Hedges"
    #9
    It would be so much more secure if when FaceID failed the phone was bricked entirely with no way to access it
     
  10. Pagemakers thread starter macrumors 68020

    Pagemakers

    Joined:
    Mar 28, 2008
    Location:
    Manchester UK
    #10
    Haha. You’re missing the point. 4 digit or 6 digit code is irrelevant.

    FaceID was sold to us because it was infinitely more secure than TouchID. We have to agree that TouchID is infinitely more secure than a 4 or 6 digit code. You guys are even laughing at my stupid friend for setting a 4 digit code (like many people) but if FaceID falls back to a 4 or 6 digit code it is no more secure than a 4 or 6 digit code it replaces.

    If FaceID 2 is accurate to say only 2 people on planet Earth but a failed login attempt falls back to a 4 or 6 digit code than the entire FaceID security is irrelevant.

    Think about it before you reply!
     
  11. bigjnyc macrumors 603

    bigjnyc

    Joined:
    Apr 10, 2008
    #11
    the same thing happened with touch ID since the iPhone 5S, not sure what the point is here.
     
  12. Pagemakers thread starter macrumors 68020

    Pagemakers

    Joined:
    Mar 28, 2008
    Location:
    Manchester UK
    #12
    If you could unlock a first edition iPhone with a 4 or 6 digit code and you can do exactly the same with an iPhone X which is the more secure?
    --- Post Merged, Mar 9, 2018 ---
    Why would you make something so secure that there is only 1 in a trillion chance of unlocking the device and when that fails you allow a 4 or 6 digit code.
     
  13. eyoungren macrumors Core

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    ten-zero-eleven-zero-zero by zero-two
    #13
    TouchID infinetly more secure than a 4 or 6 digit code. OK.

    You're in the UK so, I will explain my reasoning for a 6 digit code…

    Maybe TouchID IS more secure than a 6 digit code. But in the US, the judicial system has ruled that a fingerprint can be compelled from you to unlock your phone. But a passcode cannot.

    Hence I use a passcode.

    Now I'm not the kind of person that is in situations where I actually need to worry about that, but I don't like giving my government any more of a helpful hand to my private data than I have to. If they want to see my Walmart grocery photos in my camera roll they can get a court order for my passcode.
     
  14. lexvo macrumors 65816

    Joined:
    Nov 11, 2009
    Location:
    The Netherlands
    #14
    --- Post Merged, Mar 9, 2018 ---
    You can also set a alfanumerical code larger than 6 positions.
     
  15. Code cookies macrumors member

    Joined:
    Dec 23, 2011
    Location:
    UK
    #15

    It's the users choice, if they care about security they can set a sufficiently long and complex alphanumeric password that would mean Face ID or Touch ID it would fail to something equally or harder to break than Face ID or Touch ID.
     
  16. BugeyeSTI macrumors 68030

    BugeyeSTI

    Joined:
    Aug 19, 2017
    Location:
    Arizona
    #16
    Why would your “mate” give you his passcode? Guess what, it works the same way with touchid. Having the passcode pretty much defeats any biometric protection. Most, have a 6-10 digit passcode regardless.
     
  17. ericgtr12 macrumors 65816

    ericgtr12

    Joined:
    Mar 19, 2015
    #17
    Any information spread from hacking that phone would be fake news anyway.
     
  18. MEJHarrison macrumors 65816

    Joined:
    Feb 2, 2009
    #18
    You security method is a 4-digit, 6-digit or even full password (what I use). TouchID/FaceID are NOT your security. They're a convenience so you don't always need to type in your passcode/password. That's why you're forced to input your passcode/password after a reboot, after it has sat for too long, when doing a software update, when changing your account information, etc. They don't default to TouchID/FaceID, they default to your actual security.

    If you use a 4-digit pin, that's how secure you are. It doesn't matter if you're talking about the original iPhone or the iPhone X. That's how it's always been.
     
  19. Code cookies macrumors member

    Joined:
    Dec 23, 2011
    Location:
    UK
    #19
    Some maths:

    a 4 digit password has 10,000 possible combinations
    a 6 digit password has 1,000,000 possible combinations

    a 8 character alphanumeric (ignoring symbols and capitals for now) has:
    (10+26)^8 = 2,821,109,907,456 possible combinations

    a 8 character alphanumeric with capitals (no symbols):
    (10+26+26)^8 = 218,340,105,584,896 possible combinations

    Touch ID has a supposed 1 in 50,000 chance of opening with the wrong finger.

    Face ID has a chance of 1 in 1,000,000.
    source

    So although 4 digit password is statistically easier to guess/break than Touch ID or Face ID, as soon as you set a 6 digit password or alphanumeric password, it stands that the phone is more secure with Face ID than it would be with Touch ID due to Face ID's higher accuracy and the passcode not being the lowest barrier to entry on the phone.

    Now this is ignoring all the caveats of Face ID being unlocked by twins etc.
     
  20. Pagemakers thread starter macrumors 68020

    Pagemakers

    Joined:
    Mar 28, 2008
    Location:
    Manchester UK
    #20
    I agree 100%

    That’s not quite how Apple sold FaceID to us though. To be honest I never really thought about it until today.

    We would probably need a 50 digit code to be as secure as FaceID. I’m guessing not many of us have that.

    So if we now agree that FaceID is down to convenience. Is it really more convenient than TouchID? If the answer is no then what’s the point?
     
  21. Code cookies macrumors member

    Joined:
    Dec 23, 2011
    Location:
    UK
    #21
    A 6 digit password would be equally secure as Face ID
     
  22. casperes1996 macrumors 68040

    casperes1996

    Joined:
    Jan 26, 2014
    Location:
    Horsens, Denmark
    #22

    You do realise that you can set as long as complex codes as you want, right? You can make your code "bannanaPumpk1nPIZZA∞∞" if you want. Furthermore, if the code is entered incorrectly you'll have to wait to enter it again, to prevent brute force attack, and optionally 10 incorrect attempts will nuke all data on the device
     
  23. MEJHarrison macrumors 65816

    Joined:
    Feb 2, 2009
    #23
    A 6-digit passcode has 1,000,000 combinations. Apple told us there's a 1 in 1,000,000 chance someone else can unlock your phone with your face. Where are you getting a 50-digit code from? And even then, how many chances do you get to try random passcodes before the phone locks?

    A passcode is also more secure because you can't be compelled to give up your passcode like they can with your fingerprint and possibly your face.

    That's a personal question obviously. For me the answer is yes, FaceID is absolutely more convenient than TouchID in general day-to-day usage.
     
  24. Pagemakers thread starter macrumors 68020

    Pagemakers

    Joined:
    Mar 28, 2008
    Location:
    Manchester UK
    #24
    But MOST people would never do that. I bet 90% of codes are 4-6 digits.

    This being the case it’s irrelevant how secure FaceID is.
     
  25. Code cookies macrumors member

    Joined:
    Dec 23, 2011
    Location:
    UK
    #25
    Read below, a 6 digit code is just as secure and I am pretty sure the default on iOS now
     

Share This Page

67 March 9, 2018