One of the hallmark features of Apple’s cutting-edge iPhone X smartphone – Face ID – replaces Touch ID for unlocking the device and for mobile payment authentication. Here's what it does and why it's more secure than Touch ID. Credit: Apple With just a glance, Face ID can unlock Apple’s new iPhone X, giving owners a new authentication paradigm for the first time since the arrival of Touch ID with the iPhone 5. Face ID – that’s Apple’s name for the technology – uses a complex front-facing camera system and accompanying software to unlock the iPhone and authenticate purchases and payments with a mere glance. The futuristic-seeming tech is one of the iPhone X’s main selling points, along with its “Super Retina” OLED screen, slimmer, bezel-less form factor and improved camera. But it also raises questions about whether the technology is as easy and secure to use as the tried-and-true fingerprint-based Touch ID. And more importantly, will it work as billed? Here’s what Face ID is, what it does and how it’s supposed to work. Before Face ID, the gold standard was Touch ID When reports began picking up steam this year that Apple would release an iPhone without Touch ID – the Home button-based authentication method that’s been around since 2013 – longtime Apple users were wary. Touch ID, which was updated with an even faster sensor in 2015, has become second-nature to iPhone (and iPad) owners when it comes to unlocking their phones and tablets and when making Apple Pay payments. Apple Touch ID is a classic piece of Apple tech: It just works. It’s simple to set up and easy to use – just place a finger on the sensor to unlock your device. Since its arrival, Touch ID has played no role in any major security breaches and has helped advance the move to mobile payments. Apple called it the gold standard for authentication, which explains why it’s included on all modern iPhones and iPads, including the new iPhone 8 and 8 Plus. With a solid track record and a 1-in-50,000 possibility that someone else’s fingerprint matches your own, why phase it out now? It comes down to form and function: The iPhone X’s new OLED display (form), which takes up the whole front of the phone, and the arrival of an even easier-to-use and secure authentication method (function). Face ID is Apple’s latest move to make security and authentication as convenient as possible. Touch ID is active, requiring that you physically touch a sensor; Face ID is passive, requiring only that you glance at the phone. Facial recognition technology isn’t even new. It’s been used on Samsung devices for several years now. What is new is Apple’s implementation. Samsung’s version of facial recognition can be defeated with a photograph; Face ID promises to be much smarter than that. How Face ID works The iPhone X’s “notch” – the dark strip at the top of the display – actually houses a variety of sensors, including the new True Depth camera system. This includes an infrared camera, a flood illuminator, a regular camera and a dot projector. The flood illuminator shines infrared light at your face, which allows the system to detect whoever is in front of the iPhone, even in low-light situations or if the person is wearing glasses (or a hat). Then the dot projector shines more than 30,000 pin-points of light onto your face, building a depth map that can be read by the infrared camera. Apple Face ID being set up. It’s all analyzed by the custom Apple A11 “Bionic” chipset and compared against data in the Secure Enclave on the phone. (Apple stresses that face data never leaves the iPhone X and is never backed up anywhere, even on its own iCloud servers.) This method of authentication happens in milliseconds, which is as close to real-time as you can get. There are a few tricks to the system designed to bolster security: your eyes must be open, so another person can’t unlock your phone by pointing it your face while you sleep. And your attention must be on the device for it to register a successful scan. You must be looking at the display for Face ID to work. Teaching Face ID to work Apple’s Face ID system uses Apple’s Machine Learning algorithms and a “Neural engine” hardware component built into the A11 processor to analyze and recognize your face. This includes keeping up to date with changing appearances, such as when you’re growing a beard or wearing sunglasses. (The infrared light can see through those sunglasses to detect your gaze, and the system will still recognize you if enough data points match.) What is a neural engine? It’s a custom-designed, dual-core chip specifically made to crunch data, identifying people, places and objects without affecting the phone’s primary CPU. In addition to powering Face ID, this custom hardware lets Photos identify your friends, the places you’ve visited, the things you’ve taken pictures of and it powers the fun, new Animoji feature. It’s also important to note that apps that can now be unlocked an accessed using Touch ID will be accessible using Face ID. How secure is Face ID? Face ID analyzes your features in real-time, processing more data points – 30,000 of them – than Touch ID measures when scanning a fingerprint. Apple worked to make sure the system can’t be spoofed by photographs and worked with Hollywood mask-makers to ensure even elaborate masks won’t defeat the system. (This PDF from Apple has more granular detail about how Face ID works.) As a result, according to Apple, the chance a random person can unlock your phone using their face is 1 in a million; it’s 1 in 50,000 for Touch ID. But there is a caveat. If you have a twin, or know someone with a close genetic relationship with you, or you’re under the age of 13, Face ID authentication has a higher probability of being broken. This doesn’t mean it will be broken – just that the probabilities change under these conditions. For most users post-puberty who don’t have a doppelgänger walking around, Face ID should be more than secure enough for their needs. The important thing to remember is that Face ID and Touch ID are more about convenience and design than security. Apple does its best ensure your bio data is difficult to crack, but your best security is still a strong password (or a long passphrase). If someone can pick up your iPhone and guess your password by the cute puppy wallpaper showing Fluffy’s name on the collar, all of the encryption and enhanced security algorithms in the world won’t help. Your password will always remain the biggest point of weakness on a mobile device that’s fallen into the wrong hands. So it’s best to make it a strong one. As it did with Touch ID, Apple has included an option to bypass Face ID and require a password to successfully can unlock the iPhone X. To disable Face ID on the fly, hold down the side and volume down buttons at the same time for a few seconds (essentially, “squeezing” the iPhone). According to Apple’s Face ID PDF, a passcode is still required under these circumstances: The device has just been turned on or restarted. The device hasn’t been unlocked for more than 48 hours. The passcode hasn’t been used to unlock the device in the last 156 hours (six and a half days) and Face ID has not unlocked the device in the last 4 hours. The device has received a remote lock command. After five unsuccessful attempts to match a face. After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds. Face ID in the future Apple tends to release ground-breaking technologies that eventually spread throughout its line-up and are soon adopted industry-wide. There’s already speculation about Face ID showing up in next year’s iPads and less-expensive iPhone models. Face ID is clearly an important part of the future for Apple’s mobile devices. It’s one of the reasons CEO Tim Cook hailed the iPhone X as setting the pace for iPhones for the next 10 years. And it shows that Apple’s efforts to innovate and outpace its competition should keep it a technological trendsetter for years to come. Related content feature Microsoft's Patch Tuesday updates: Keeping up with the latest fixes Here's a look at the most recent Patch Tuesday release from Microsoft as well as a collection of recent updates so you can track what's changed. By Dan Muse Aug 16, 2024 5 mins Microsoft Microsoft Office Windows 10 opinion For August, Patch Tuesday means patch now Microsoft’s monthly update for August includes fixes for six — yes, six — zero-day flaws affecting Windows and Office. By Greg Lambert Aug 16, 2024 10 mins Microsoft Microsoft Office Windows Security opinion Germany’s BSI guns for better tech security Microsoft will need to become secure by design, but if you can't wait there's an alternative. By Jonny Evans Aug 16, 2024 5 mins Apple Windows Security news MIT delivers database containing 700+ risks associated with AI Called the AI Risk Repository, the goal, its creators say, is to provide an accessible and updatable overview of risk landscape. By Paul Barker Aug 15, 2024 1 min Generative AI Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe