Disclaimer: This post may contain affiliate links, meaning we get a small commission if you make a purchase through our links, at no cost to you. For more information, please visit our Disclaimer Page.
Face ID was launched by Apple in 2017. Apple changes the Touch ID system to the Face ID in every device since the iPhone X, but this system has brought a lot of controversies since it was launched. While at the very beginning, it seems like something very innovative, experts and users had found out many issues on Face ID, and it makes me wonder, is Face ID safer than a password?
The Face ID 3D facial map capture system is innovative, but it is not safer than a password. Face ID is an innovative security system. It has brought advanced technology to the market but as in any technology that is being developed, it has some issues. Face ID can be fooled, and even hacked.
In 2017, iPhone launched the Face ID to the iPhone X and the next devices. Face ID was created to replace the old Touch ID system that uses fingerprint biometric recognition.
Since that moment, this security system has created controversy among users and experts.
Being a point of conversation about all the issues that Face ID has presented since it launched, it makes wonder to the user how safe this system can be in comparison with other security systems.
Table of Contents
Is Face ID Secure?
Face ID was created to move on to the next stage of technology, and leave behind the Touch ID.
The Face ID system works by projecting infrared dots all over the face, then the infrared camera reads the image projected and generates a 3D facial map. And lastly the systems authenticate the facial map by making a comparison at real-time between the image projected and the facial map that is was the previous register on the device.
Face ID is not only used to unlock a device; actually, most of the apps provided by Apple and those who work on an iOS system use the Face ID as an authentication method.
From unlocking a phone, verify financial transactions, authorize online purchases; Face ID offers support and protection for most of the apps on iOS.
Even when Face ID has controversial reviews by experts all over the world, I can say that it is more advanced than other facial recognition systems and with a wider range of facilities for the user.
Previous systems used to work with a 2D facial recognition, while Face ID creates a 3D facial map.
Every facial recognition creates a first facial map that is used as a point of comparison, and every time this system is activated to verify identity, the system creates another facial map in real-time and analyses the matches between both facial maps.
Every facial recognition system follows the same steps to verify identity. These systems first detect and capture an image of the face, then create a 2D or 3D map by analyzing the geometry of a face.
Before comparing results, the image of the facial map is transcripted into data, and that data is compared with other ones to find matches. Any facial recognition system works with biometric identification.
Any kind of biometric identification is used to authenticate someone’s identity and works by comparing data. Face ID uses a morphological biometric identification method.
Even when 2D facial recognition is more used than 3D facial maps, the first map hardly depends on positions and light.
At the first step of the recognition, when the facial map is being captured, light attributes and the face position have to be very similar to the map that is used as a template when a 2D facial map system is being applied.
However, both types of facial maps 2D and 3D measure the geometrics of the face, like eyes size, position, shape, and it does the same with every feature of the face.
The biggest controversy about Face ID has been its accuracy.
When it comes to face capture, image map creation, and data analysis and transcription are more accurate than 2D systems. Face ID has been an important step in face recognition, but when it is about security this system can be fooled.
Can Face ID be Fooled?
Face ID analyses the matches between two facial maps. The system measures face features, and transcripts them into data. All over the world, many people share many similarities in appearance, just like twins.
Face ID has already presented some mistakes with this kind of situation, but putting that fact besides, Face ID can be fooled.
In 2019, the Black Hat USA was celebrated. This is an event where cybersecurity is the main topic.
Experts, hackers, and government agencies join together to talk about new studies, experiments, techniques, and methods on cybersecurity.
Back in 2019, one of the most shocking presentations was about how to bypass Face ID security systems, and how easy it is to fool this security system.
To fool the Face ID system, it is only needed tape, spectacles, and the iPhone user. A square of black tape is put on the spectacle, and then a tiny piece of white tape is put in the center of the black tape.
The spectacles have to be put on the iPhone’s user. Now, the scary side of this, is that the “technique” used to fool Face ID is applied when the user is unconscious.
Even when Face ID works with advanced 3D technology, it still having issues with liveness recognition. The liveness detection systems are in charge of determining when a face spoofing attack may happen by detecting certain facial expressions on the user’s face.
The basis of the liveness detection can be compared when gestures are used to capture a picture, most of these systems capture the facial map when a gesture is done.
Can you trick a Face ID with a picture?
Face ID works by creating a 3D facial map. By using an infrared dot projector, Face ID projects over 30.000 dots over the user’s face when the map is being created.
A 3D facial map system measures width, height, and depth; while a 2D system measures just width and height.A picture only has 2D properties, and since Face ID captures 3D facial maps, a picture cannot be used to unlock the device.
When the system creates the facial map that will be used as a template for Face ID to allow or deny access to the phone, one of the first steps is to move the face side to side and in a circle to measure the distance between ears and nose, nose length, cheekbones size, jawline width and so on.
These face proportions are taken into consideration when face detection is happening to unlock the phone or authorize an operation that requires the Face ID confirmation.
On the other side, a picture is flat and the depth property is missing, because of this, the Face ID system can’t measure the qualities mentioned before, so the access will be denied.
Could someone use Face ID to unlock your phone while you sleep?
Liveness identification or authentication systems are used to determine when the user is real. The liveness identification algorithm analyzes and measures the texture and motion from the data of the facial maps.
This has been a topic of discussion since the creation of the 2D facial maps structure, but Apple presents the 3D facial maps of Face ID as something innovative and secure.
Back in 2019, when the Black Hat USA event was celebrated, an intense conversation about how effective liveness detection on Face ID is.
Since a group of experts has demonstrated that just tape, spectacles, and the unconscious user/owner of the device are needed to unlock it, people have been questioning how safety is the Face ID identification system.
If the liveness identification systems don’t work properly, someone can unlock the device when the user is sleeping.
Is Face ID Bad for Your Eyes?
Face ID uses an infrared dot projector to measure and capture the 3D facial map. Over 30.000 infrared dots are reflected on the surface of the face to measure all the face features to create a facial map.
These infrared dots are also projected on the user’s eyes. Apple has alleged this infrared light is projected in a very low intensity, but Apple has never said what area of the infrared (IR) light spectrum Face ID works with.
First of all, let’s clarify that IR lights don’t cause cancer. Infrared light is non-ionizing radiation, the IR cannot strip cells at a molecular level, which in simple words, infrared light does not cause cancer.
Every day, people are exposed to ionizing radiation such as gamma rays, X-rays, and/or ultraviolet light; excessive exposure to these can cause several damages to the cells.
However, infrared light can’t generate cancer, but it may cause damage to the body.
Most of the infrared led used in phones are considered as “low-risk” infrared. Let’s make clear that infrared dots projected by the Face ID projector are not a laser.
The wavelength of an IR laser is around 700 nm, while the infrared led wavelength used on the iPhone camera is estimated between 870 nm and 950 nm.
Constant exposure to constant IR light may cause some damage to the eyes. To cause damage to the eye, the user should expose the eye to more than ten seconds at a very close distance to the phone camera.
However, the iPhone camera captures the facial map from over 20 cm away from the face, and it takes less than a second to capture the 3D map.
Nevertheless, even when Apple claims that infrared projector doesn’t cause any damage, according to the International Safety Standards, phone devices that project an IR light are considered as “low risk”, and this is still being a topic of study.
Is Face ID Safer Than a Password?
Password codes have been used since the very beginning of cybersecurity. Until the date, there is not any security system offered by a completely safe phone company, all of them are somehow vulnerable and have at least a flaw.
Creating a strong and complex password code can be hard to hack, but not impossible.
On the other side, Face ID creates and saves an image of the user’s face on the phone, once the security system has been taken down the whole user’s identity is vulnerable, and it has been exposed to the hacker.
Since Face ID uses a 3D map of the face, it is harder to hack than other systems.
Mostly because a picture can’t be used to fool the identity authentication.
Face ID uses a feature-based facial map that is unique for each consumer, once the facial map is transcripted into data, this one is unique and it can only be associated with that device user.
Even when Face ID can have a few issues by differentiating identical twins, the data – not only the facial map one but name and credentials– is associated with just one consumer, which is normally the owner and user of the device.
The facial map is not saved on the phone as a picture, even when it is a 3D map. Once the facial map has been captured, it is transformed into a binary code, this is when just 1’s and 0’s are used.
These are very long codes just for even just for one face feature, so I can say that is a very long data basis for only one user.
But once a hacker has passed the face recognition step, and then discovers how to transcript the binary code, the user identity is vulnerable.
It is said that at least, seven identical people all over the world shared the same features, like if they were twins. However, the data basis for every iPhone account that uses Face ID is inimitable.
This means that the binary codes related to a facial map are unrepeatable, even when there may be a lot of people that look similar to each other.
The codes of the facial map link with the bank account, credential, full name, and every app that uses Face ID as an authentication method.
Even when a password code can be easier hacked, this one can also change easier, but I cannot change my face every month!
Also, a password code cannot be necessarily linked to my face. A user can use different passwords for each account, and these accounts cannot be linked to each other. But, once a hacker has successfully entered a device, it may have access to the information saved on it.
Conclusion
Most of the security systems can be hacked, so users are vulnerable to any kind of cyber-attacks.
While every system offers support and has different features, they may have issues or present any kind of flaw on their systems.
Some users can prefer Face ID while others can prefer to use a simple password code or the Touch ID system, these can be determined just by the likes or needs of each user.