Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iPhone X FaceID is not really more secure!

Pagemakers

Pagemakers

macrumors 68030
Original poster
Mar 28, 2008
2,908
1,203
Manchester UK
Face ID is supposed to be more secure than Touch ID.

It’s not.

In fact it’s no more secure than a 4 digit code.

Here’s how...

Pick up your mate's iPhone X. Try to authenticate using FaceID. You can’t. Now look what happens. You simply need to input their security code (could be 4 digits) to gain full access to the phone.

Apple could make FaceID 2 a hundred times more secure in iOS 12 but if it falls back to a 4 digit code it’s irrelevant.

Never thought about it until tonight when a mate demonstrated it to me in the local pub!!!
 
  • Like
Reactions: pastaman321
Weird comment - obviously there has to be a backup for faceid (or touchid) and if you only have a 4 digit code ..
and if you know the code what do you expect?
 
  • Like
Reactions: raqball
Haha. You’re missing the point. 4 digit or 6 digit code is irrelevant.

FaceID was sold to us because it was infinitely more secure than TouchID. We have to agree that TouchID is infinitely more secure than a 4 or 6 digit code. You guys are even laughing at my stupid friend for setting a 4 digit code (like many people) but if FaceID falls back to a 4 or 6 digit code it is no more secure than a 4 or 6 digit code it replaces.

If FaceID 2 is accurate to say only 2 people on planet Earth but a failed login attempt falls back to a 4 or 6 digit code than the entire FaceID security is irrelevant.

Think about it before you reply!
 
If you could unlock a first edition iPhone with a 4 or 6 digit code and you can do exactly the same with an iPhone X which is the more secure?
[doublepost=1520632418][/doublepost]Why would you make something so secure that there is only 1 in a trillion chance of unlocking the device and when that fails you allow a 4 or 6 digit code.
 
Pagemakers said:
Haha. You’re missing the point. 4 digit or 6 digit code is irrelevant.

FaceID was sold to us because it was infinitely more secure than TouchID. We have to agree that TouchID is infinitely more secure than a 4 or 6 digit code. You guys are even laughing at my stupid friend for setting a 4 digit code (like many people) but if FaceID falls back to a 4 or 6 digit code it is no more secure than a 4 or 6 digit code it replaces.

If FaceID 2 is accurate to say only 2 people on planet Earth but a failed login attempt falls back to a 4 or 6 digit code than the entire FaceID security is irrelevant.

Think about it before you reply!
Click to expand...
TouchID infinetly more secure than a 4 or 6 digit code. OK.

You're in the UK so, I will explain my reasoning for a 6 digit code…

Maybe TouchID IS more secure than a 6 digit code. But in the US, the judicial system has ruled that a fingerprint can be compelled from you to unlock your phone. But a passcode cannot.

Hence I use a passcode.

Now I'm not the kind of person that is in situations where I actually need to worry about that, but I don't like giving my government any more of a helpful hand to my private data than I have to. If they want to see my Walmart grocery photos in my camera roll they can get a court order for my passcode.
 
[doublepost=1520632834][/doublepost]
Pagemakers said:
If you could unlock a first edition iPhone with a 4 or 6 digit code and you can do exactly the same with an iPhone X which is the more secure?
[doublepost=1520632418][/doublepost]Why would you make something so secure that there is only 1 in a trillion chance of unlocking the device and when that fails you allow a 4 or 6 digit code.
Click to expand...

You can also set a alfanumerical code larger than 6 positions.
 
  • Like
Reactions: Wowereit
Pagemakers said:
If you could unlock a first edition iPhone with a 4 or 6 digit code and you can do exactly the same with an iPhone X which is the more secure?
[doublepost=1520632418][/doublepost]Why would you make something so secure that there is only 1 in a trillion chance of unlocking the device and when that fails you allow a 4 or 6 digit code.
Click to expand...


It's the users choice, if they care about security they can set a sufficiently long and complex alphanumeric password that would mean Face ID or Touch ID it would fail to something equally or harder to break than Face ID or Touch ID.
 
  • Like
Reactions: Skika and Shirasaki
Pagemakers said:
Face ID is supposed to be more secure than Touch ID.

It’s not.

In fact it’s no more secure than a 4 digit code.

Here’s how...

Pick up your mate's iPhone X. Try to authenticate using FaceID. You can’t. Now look what happens. You simply need to input their security code (could be 4 digits) to gain full access to the phone.

Apple could make FaceID 2 a hundred times more secure in iOS 12 but if it falls back to a 4 digit code it’s irrelevant.

Never thought about it until tonight when a mate demonstrated it to me in the local pub!!!
Click to expand...
Why would your “mate” give you his passcode? Guess what, it works the same way with touchid. Having the passcode pretty much defeats any biometric protection. Most, have a 6-10 digit passcode regardless.
 
  • Like
Reactions: raqball and keysofanxiety
Pagemakers said:
FaceID was sold to us because it was infinitely more secure than TouchID. We have to agree that TouchID is infinitely more secure than a 4 or 6 digit code.
Click to expand...

You security method is a 4-digit, 6-digit or even full password (what I use). TouchID/FaceID are NOT your security. They're a convenience so you don't always need to type in your passcode/password. That's why you're forced to input your passcode/password after a reboot, after it has sat for too long, when doing a software update, when changing your account information, etc. They don't default to TouchID/FaceID, they default to your actual security.

If you use a 4-digit pin, that's how secure you are. It doesn't matter if you're talking about the original iPhone or the iPhone X. That's how it's always been.
 
  • Like
Reactions: hockeyfan81, Skika, Mr.Blacky and 3 others
Some maths:

a 4 digit password has 10,000 possible combinations
a 6 digit password has 1,000,000 possible combinations

a 8 character alphanumeric (ignoring symbols and capitals for now) has:
(10+26)^8 = 2,821,109,907,456 possible combinations

a 8 character alphanumeric with capitals (no symbols):
(10+26+26)^8 = 218,340,105,584,896 possible combinations

Touch ID has a supposed 1 in 50,000 chance of opening with the wrong finger.

Face ID has a chance of 1 in 1,000,000.
source

So although 4 digit password is statistically easier to guess/break than Touch ID or Face ID, as soon as you set a 6 digit password or alphanumeric password, it stands that the phone is more secure with Face ID than it would be with Touch ID due to Face ID's higher accuracy and the passcode not being the lowest barrier to entry on the phone.

Now this is ignoring all the caveats of Face ID being unlocked by twins etc.
 
  • Like
Reactions: MarioPhone96, Shirasaki, cynics and 6 others
MEJHarrison said:
You security method is a 4-digit, 6-digit or even full password (what I use). TouchID/FaceID are NOT your security. They're a convenience so you don't always need to type in your passcode/password. That's why you're forced to input your passcode/password after a reboot, after it has sat for too long, when doing a software update, when changing your account information, etc. They don't default to TouchID/FaceID, they default to your actual security.

If you use a 4-digit pin, that's how secure you are. It doesn't matter if you're talking about the original iPhone or the iPhone X. That's how it's always been.
Click to expand...
I agree 100%

That’s not quite how Apple sold FaceID to us though. To be honest I never really thought about it until today.

We would probably need a 50 digit code to be as secure as FaceID. I’m guessing not many of us have that.

So if we now agree that FaceID is down to convenience. Is it really more convenient than TouchID? If the answer is no then what’s the point?
 
Pagemakers said:
I agree 100%

That’s not quite how Apple sold FaceID to us though. To be honest I never really thought about it until today.

We would probably need a 50 digit code to be as secure as FaceID. I’m guessing not many of us have that.

So if we now agree that FaceID is down to convenience. Is it really more convenient than TouchID? If the answer is no then what’s the point?
Click to expand...
A 6 digit password would be equally secure as Face ID
 
Newtons Apple said:
Yep, I am thinking my X is unsecured now and will toss in the garbage. 4 digit passcode, what was Apple thinking.
Click to expand...


You do realise that you can set as long as complex codes as you want, right? You can make your code "bannanaPumpk1nPIZZA∞∞" if you want. Furthermore, if the code is entered incorrectly you'll have to wait to enter it again, to prevent brute force attack, and optionally 10 incorrect attempts will nuke all data on the device
 
  • Like
Reactions: Peter K. and MEJHarrison
Pagemakers said:
We would probably need a 50 digit code to be as secure as FaceID. I’m guessing not many of us have that.
Click to expand...

A 6-digit passcode has 1,000,000 combinations. Apple told us there's a 1 in 1,000,000 chance someone else can unlock your phone with your face. Where are you getting a 50-digit code from? And even then, how many chances do you get to try random passcodes before the phone locks?

A passcode is also more secure because you can't be compelled to give up your passcode like they can with your fingerprint and possibly your face.

Pagemakers said:
So if we now agree that FaceID is down to convenience. Is it really more convenient than TouchID? If the answer is no then what’s the point?
Click to expand...

That's a personal question obviously. For me the answer is yes, FaceID is absolutely more convenient than TouchID in general day-to-day usage.
 
casperes1996 said:
You do realise that you can set as long as complex codes as you want, right? You can make your code "bannanaPumpk1nPIZZA∞∞" if you want. Furthermore, if the code is entered incorrectly you'll have to wait to enter it again, to prevent brute force attack, and optionally 10 incorrect attempts will nuke all data on the device
Click to expand...
But MOST people would never do that. I bet 90% of codes are 4-6 digits.

This being the case it’s irrelevant how secure FaceID is.
 
  • Like
Reactions: Newtons Apple
Pagemakers said:
But MOST people would never do that. I bet 90% of codes are 4-6 digits.

This being the case it’s irrelevant how secure FaceID is.
Click to expand...
Read below, a 6 digit code is just as secure and I am pretty sure the default on iOS now
Code cookies said:
Some maths:

a 4 digit password has 10,000 possible combinations
a 6 digit password has 1,000,000 possible combinations

a 8 character alphanumeric (ignoring symbols and capitals for now) has:
(10+26)^8 = 2,821,109,907,456 possible combinations

a 8 character alphanumeric with capitals (no symbols):
(10+26+26)^8 = 218,340,105,584,896 possible combinations

Touch ID has a supposed 1 in 50,000 chance of opening with the wrong finger.

Face ID has a chance of 1 in 1,000,000.
source

So although 4 digit password is statistically easier to guess/break than Touch ID or Face ID, as soon as you set a 6 digit password or alphanumeric password, it stands that the phone is more secure with Face ID than it would be with Touch ID due to Face ID's higher accuracy and the passcode not being the lowest barrier to entry on the phone.

Now this is ignoring all the caveats of Face ID being unlocked by twins etc.
Click to expand...
 
  • Like
Reactions: aevan and akash.nu
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back