
Face ID, Touch ID, No ID, PINs and Pragmatic Security - louis-paul
https://www.troyhunt.com/face-id-touch-id-pins-no-id-and-pragmatic-security/
======
apeace
> ...when you do use the biometric options we're about to get into, you're
> still going to need [a pin] on your phone anyway. For example, every time
> you hard-reboot an iPhone with Touch ID you need to enter the PIN

This is what has been missing from every discussion of this issue that I've
seen so far.

The face scan isn't "insecure" even if you're worried about border searches.
Just turn off your phone when you get in the security line! Pin will be
required on start.

Pin is also required when plugging into a new computer.

The rest of the time when you're going about your daily life, and are not
worried about a government agent spoofing your face or pointing the phone at
your face, you can use this nice feature.

Most people will be _less_ secure without it. They don't want to punch a pin
every time they want to tap their phone to pay for coffee. So without the face
scan feature, they will opt for no security at all.

The reboot/plug-in pin requirements change the discussion quite a bit, but are
usually ignored, seemingly so bloggers can state the obvious "but someone can
spoof your face!"

~~~
gist
I don't want to be that 'if you've got nothing to hide then' guy but why are
people so worried about what border agents in particular will see on their
cell phone?

I am not saying that I wouldn't mind at all if my phone was searched. But I
can't think of anything in particular that I would be concerned about if it
was. Sure in theory the agent could remember some personal information and
come back later and use that info or pass it to someone for some nefarious
purpose. But that's a pretty small chance event. It's more or less the
equivalent of thinking you will get sick because you find a hair in your food
at the restaurant. You don't like it and you send it back or demand a refund
but the actual harm is more mental in nature.

Or what am I missing here?

~~~
kibwen
Depends on how difficult it is to produce an automated system whereby one
needs only plug an unlocked phone into a computer in order to hoover up all
locally-stored messages, contacts, saved passwords, synced browser histories,
etc. The agent themselves doesn't need to care, they can just be instructed to
"unlock the phone, plug it in to this computer, wait until the progress bar
finishes, hand phone back". Are you on Github? Is your Github password saved
in your browser? Do you have commit access to any marginally important
projects? God only knows who has commit access to those projects now.
Considering this is HN, I imagine this is an attack vector that a lot of
people here are particularly concerned about. Given how much code we use
that's written by others, it ought to concern the rest of us as well. :)

~~~
late2part
This is not an attack. This is iTunes. This is trivial to do.

------
sgarg
I really liked this write-up because it focused on the _practicality_ of the
various security mechanisms. Most articles I see usually have a blanket
statement like "All biometric security mechanisms are bad!". I think this
article does a good job comparing the various logins and describing the pros
and cons for different people. Specifically, I appreciate the author calling
out when people bring up the "What if" edge-cases, where the correct response
is you likely have much bigger problems at that point than the security level
of your phone.

~~~
danjoc
>All biometric security mechanisms are bad

They are though, if bad == insecure. Customs can make you unlock with
fingerprint or face. If you can't lock yourself out, it's not secure.

~~~
pertymcpert
Customs can do that anyway if you have a password.

~~~
Jeremy1026
Constitutionally, an individual can not be forced to enter a password for law
enforcement (including customs agents).

~~~
eanzenberg
That's the point, "constitutionally" while they lock you up for hours/days on
end to obtain the warrant needed to give up your password unless you are
willing to stay locked up.

~~~
Jeremy1026
Get that sweet settlement for wrongful imprisonment.

~~~
coldtea
Or, you know, no settlement, and not even a "sorry, oops" either.

------
smelterdemon
Re: the pushback the author got on Twitter; I believe in skepticism towards
corporations and marketing claims, but the level of cynicism online towards
any new tech idea or product seems a bit out of hand. There's a certain trend,
on Twitter especially, of people racing to prove they're either more woke or
smarter than the teams of people behind things that are yet to even be
released. I mean a "wait and see" attitude wrt the actual effectiveness is
good, but I don't get why we need to concoct extreme hypotheticals here
suggesting Apple is somehow irresponsible for adding an optional feature.

~~~
eric_h
> There's a certain trend, on Twitter especially, of people racing to prove
> they're either more woke or smarter than the teams of people behind things
> that are yet to even be released.

This has been a trend of a vocal minority on the internet for as long as I've
been connected to it. Remember "No wireless. Less space than a nomad. Lame"?

~~~
Razengan
> _Remember "No wireless. Less space than a nomad. Lame"?_

I hate linking to that site but this will always be golden: Apple's New Thing
(a post from 2001) [1]

[1] [https://forums.macrumors.com/threads/apples-new-thing-
ipod.5...](https://forums.macrumors.com/threads/apples-new-thing-ipod.500/)

------
tonyztan
Given that the authentication methods are "differently secure," wouldn't it be
good if we were offered the option to combine them and require both for
unlock? I would love to use Face ID + PIN or Touch ID + PIN for better
security.

~~~
nxsynonym
I want this, and also the ability to secure different areas of my phone.

I want to be able to set touch or PINs for certain apps, so that I can have
multi level security. Why is there so much emphasis on one master
password/touch ID/face ID instead of having multiple security checks?

~~~
jfaat
All of my banking apps, among others (e.g. password manager), include options
for both pin and touchID auth. Do we not already have what you’re asking for?

~~~
kfriede
I think he's requesting it on the system level. For example, if iOS allowed
you to force PIN+TID when opening a specific (not necessarily secure) app for
the first time after an unlock. Intended for apps that don't necessarily have
security built in already.

~~~
mulletbum
This is especially useful for when the app developer doesn't think there is a
reason for them to develop such a system. For example, I don't want my son
playing a zombie game, but I myself play it often. I could then lock him out
of said game, but still give him my phone to use.

~~~
irrational
This isn't exactly what you are looking for, but have you tried Guided Access
on iOS (or whatever the equivalent is on Android)?

~~~
mulletbum
Yes, that is the way I do it currently. It's a real pain though.

------
ekzy
It would be interesting if we could specify a particular face pattern to
unlock the phone. Imagine you set up your phone to open only if you smile, now
if someone picks up your phone and try to unlock it by pointing it at your
face, not smiling would be easier than closing your eyes or looking away. Not
even mentioning the health benefit of just smiling :)

~~~
teniutza
It would be awkward to smile/pose before/after a funeral, just because I need
to call my mum or check my email...

That being said, I do think that there could be a legitimate use case here.
One could set up a particular "emotion" (a face pattern) associated with
someone forcing them to unlock a phone using their face. I mean, if someone
pulls a gun or a knife on me, I'll probably just do as they say and look at
the phone, rather than risk an additional hole in my body. But unlocking a
phone _and_ sending a distress call is something I could live with.

~~~
saluki
y, if someone has a knife or gun I would just give them what they want and
worry about a distress call after you're safe instead of getting fancy trying
to activate an 'I'm being mugged' feature.

I think that could be a nice feature but would add stress to the situation
when you should just be focussed on staying alive trying to remember how to do
that special thing or enter an alternate code.

~~~
teniutza
I'm thinking of a situation when the phone, for example, is not enough for
them. What if the don't leave you alone after that? What if you're a girl and
they are going to try to rape you? What I'm thinking of is not about a "fancy"
_help-me-I 'm-being-mugged_ "duck-face" pose, but actually a face pattern
which, simple enough, could offer assistance in a difficult situation. What if
they take away the phone and I'm left with no change of calling for an
ambulance?

You are right, though, that this requires some "friction" and probably some
self control.

------
sailfast
This is a really well-written, considered view of the trade-offs for using
different options for security. I learned a lot from reading, and the plain
language discussion of the topic allows most any reader to better understand
the trade-offs present for each option.

Much appreciated to the original author - it takes a good deal of time and
effort to write something that lucid. Thanks.

------
irq-1
> a thread emerged about abusive spouses. Now if I'm honest, I didn't see that
> angle coming and it made me curious - what _is_ the angle? I mean how does
> Face ID pose a greater threat to victims of domestic violence than the
> previous auth models?

If someone has the PIN and the phone, they can get in without the person
(without their biometrics.) Fingerprints and Face recognition increase the
chances that an abusive spouse needs the other person _every time_ they access
the phone.

Parents who have their childrens passwords are in the same situation -- they
can't snoop on their kids biometrically secured phone (like reading a kids
diary in the old days.) They have to have the kids open the phone, which means
the kids know that it's happening.

~~~
irrational
I'm not sure, but I know with my spouse and I, we always put each others
Biometrics into each other's devices (I add her fingerprints to my phone and
vice versa), share a lastpass account so we know each other's passwords, add
our email accounts to each other's devices so we can always look at each
others email, etc. If you are married to someone and don't trust them enough
to do the same I have to question the foundation the marriage is built on. As
for kids, we just don't allow them to have a phone or other device until they
are old enough to buy it with their own money, which so far has never happened
until they are nearly 18 and getting ready to leave for college anyway.

~~~
justsid
Not trying to tell you how to live your life, but being an open book to the
other isn‘t very trusting. If your trust is build around being able to spy on
the other, maybe you aren‘t trusting each other that much. My wife and I both
have our own separate phones and computers without each other being able to
access it and I trust her not to do anything that goes against our interests
and vice versa. That‘s what trust is, not having to know what the other does
and knowing they are doing the right thing.

~~~
lbarrett
I also let my spouse unlock my phone. It's not so much "being an open book" as
it is "I trust her not to snoop, and sometimes it's convenient that she can
open a map on my phone." That meets your definition of trust: not having to
know what she does because I know she'll do the right thing.

~~~
justsid
Very fair point. In fact, my wife actually knows my phones passcode for the
exact same reason. „Open book“ was definitely the wrong phrasing here, I
wasn‘t trying to say that you have to keep everything secret from your spouse.
Just that the exact opposite of that also strikes me as very distrusting.

------
dweekly
Would be interesting to enable voice authentication contemporaneous with face
scanning to make sure the lipreading matched the utterance matches the
voiceprint matches the expected face. Bonus points that a vocal channel could
be used to detect duress (especially if accompanied by, say, raised eyebrows)
and either require further authentication (passphrase entry) or a "false
unlock" to reveal only a nearly factory fresh app and data underlying. Could
also potentially send a notification to friends that your phone had just been
unlocked under duress. Bonus points for in parallel hard-scrubbing the
underlying true data while displaying the false boring phone interface.

------
dredmorbius
Near-field worn devices.

[http://nfcring.com](http://nfcring.com) is an example of what I have in mind.

What I'd like to see is this tied into an identity system, such that the ring
(or other very-hard-to-misplace, but replaceable and discardable) token is not
_itself_ an identity, but rather an access token to an identity store which
can present any given identity to any given system.

That might be a _consistent_ identity across multiple sessions or _unique_
identities on each session. The identity might be tied to some central
certifying agency (e.g., a motor vehicles department or national pensions
fund), or not.

There are several elements of this which I'd like to see developed further,
including how keys might be reconstructed or recovered using a quorum system
of trusted sources (divide your key into pieces, share those amongst friends,
family, or some local authority, such that key loss need not equal data loss),
and possibly via law enforcement.

I'm also looking at the possibility of a public ledger system which might
allow for both workfactor requirements _and_ public disclosure of keys being
revealed. This may be a viable application of crypto, though I'm not entirely
sure of this.

(The feature might also be optional -- you could take the risk of key loss, or
allow for recovery. But the present situation with PKI of losing access to
_all_ previously-encrypted data in the event of key loss would be mitigated.)

There's also the requirement for devices to have support for near-field
readers. I'm told this is alreadly largely a reality, though my reading of
specs for various mobile devices suggests otherwise.

The biggest challenges through all of this are not the technology itself, but
the adoption, requirement, and enforcement of standards, including
availability of tokens at low or no end-user price. Trust of the information
ecosystem overall might be a suitable incentive for this to happen.

~~~
calvinbhai
So, someone steals the NFC ring and then own the phone? Ring + heat detection
of PIN tap pattern will end up giving a false sense of 2FA. (not sure how the
ring auths on being worn, didnt see it on the website).

~~~
istolemomsthumb
Or cutting off a finger or hand?

~~~
dredmorbius
Difficult to arrange by a phishing email, website, or trojan.

Possible to countermeasure as well.

------
alistairSH
It appears that FaceId only supports a single face (unlike TouchId, which
supports multiple fingers).

Maybe this use case isn't common, but my wife frequently needs access to my
phone. Usually while driving, to change GPS routing, or playlist, or respond
to SMS. With TouchId, she can do so without my PIN. With FaceId, she needs my
PIN.

This strikes me as both less secure and quite annoying. Now, I have to repeat
my PIN out loud while she types it into the device. Or, force her to memorize
it (in addition to her own PIN, and I have to remember hers for the reverse
situation).

------
rcarmo
For me it's not so much the paranoia or the degree of security (which is an
arguable point in itself) but the commodity of it. Touch ID lets me unlock my
devices without having to re-position my upper body or move them in
(practically) any way, and Face ID feels awkward (I'm typing this on the
device that is likely an exception to that - a Microsoft Surface Pro - and
Windows Hello's face recognition works beautifully, but I am _always_ facing
it when I need it to unlock, so...)

~~~
baby
> without having to re-position my upper body

why would you unlock your phone if you're not going to look at it? I don't
understand this argument.

~~~
thisone
my phone is currently sat on my desk, about 10 inches from my right arm. I
can, and do, check messages on it, by only repositioning my arm to unlock it.

I easily read any messages by glancing at the phone, never coming into any
decent imaging range.

~~~
heartbreak
Turn on the front camera, lay the phone on your desk. Can you see your face in
the image? Then you can unlock your phone by glancing over at it.

~~~
CocaKoala
My phone is on my desk next to my laptop in the same place where I've been
texting my wife for the past five minutes. I have turned on the front facing
camera.

My phone can see the very corner of my head and about half of my eyebrow. I do
not want that to be enough to unlock my phone.

------
DamonHD
Good, balanced, pragmatic discussion.

------
consto
Honestly, the only downside I can see vs. TouchID is that you can in theory
point the phone at the person and unlock it. However this is balanced out by
not working while unconcious.

PINs as discused are not directly comparable.

~~~
liberte82
How does it not work while unconscious? Eyes need to be open?

~~~
vlozko
That and looking at the device.

------
iamcasen
What I want to know is what face data is shared with 3rd parties like
snapchat. That seems like the bigger threat, and no one is really discussing
that.

~~~
colejohnson66
Unless Apple provides only an API to interact with the model, not actually use
it. Which, considering it’s Apple, I’m sure they did.

------
durzagott
So, with Face ID, can you prevent someone trying to compel you to unlock your
device by simply closing your eyes or looking away?

~~~
huxley
That was the way it was described in the Keynote

~~~
have_faith
How do you know when to open your eyes again?

~~~
fletom
You can open your eyes but not look at the phone.

------
ramgp
What if users were able to disable FaceID by configuring blinking x times or
by having their eyes closed for a certain time period? Maybe requiring FaceID
+ a different PIN after recognizing that locking over the lock.

------
jlebrech
what about FaceID + pin? that would mean someone would have to know your pin
as well as have access to your face.

you also wouldn't have to look so paranoid while entering the pin. and pin by
itself would be of little value.

~~~
joosters
For phone-based biometrics, the PIN has always been a backup for the
fingerprint/face recognition, because these things aren't 100% reliable. Not
even considering any security aspects here, just practicalities, like your
hands are dirty or your face isn't being recognised (perhaps you've got
bandages on your face or whatever). Having the PIN as a replacement is a
_good_ thing in these cases, otherwise you could be locked out of your device
when you actually want to use it.

For 'extreme' security situations, you might as well just have a long secret
PIN and no biometrics.

~~~
jlebrech
FaceID + shortpin = unlock

longpin = unlock

~~~
leadingthenet
Yes! I'd love this.

~~~
liberte82
Too complicated

~~~
jlebrech
it can just be a setting you either enable or don't

------
saluki
Stolen iPhones should be worthless.

Apple need to create a system where stolen phones can be reported to them,
Apple can then contact the owner/verify they are stolen. And then add them to
a stolen list and disable calling/apps on those phones. And display an overlay
on the screen THIS PHONE IS STOLEN.

Every iphone would come with an validate phone feature that is accessible even
when locked that can authenticate the iPhone for anyone thinking of buying it.

The potential buyer can check if the iPhone is stolen by using the feature
that is allowed to connect to the internet and validate the phone.

They need to make it where stolen iPhones are worthless so when you are
getting mugged criminals won't even want it.

Obviously have an option setup where you can transfer ownership of your phone.
Maybe with a 7 day waiting period.

~~~
willstrafach
Find My iPhone + iCloud is what you're describing.

Even a DFU restore of the device won't help a thief, as the activation process
will simply ask for your iCloud login and will display a "Message From Owner"
that you can set at icloud.com indicating the device was stolen, making it
much harder for someone to purchase and claim ignorance about the origins.

~~~
mulletbum
Can confirm. We ran into this problem in my company as we had contractors
setup phones and turn on Find my iPhone. We ended having to do some not so
great things to make it so we could use the devices again.

~~~
redler
What not-so-great things?

------
DrNuke
The complete business model is taking the p*ss imho. I am seeing more than a
number of people reverting to simple €20 nokias for basic telephone + sms
usage on top of a gadget / secondary device for consumption or mobile
business.

~~~
mikeash
Apple sold over 200 million iPhones last year, and they make up a relatively
small proportion of the overall smartphone market. I don't think there are
very many people like you describe.

------
hughw
Free "rein".

------
comstock
Nice article. However:

> It's alarming not just because the number is so low, but because Dropbox
> holds such valuable information for so many people.

I'd suggest that Dropbox users somewhat self select for those not as concerned
about security as others. And more concerned about availability.

Dropbox does not encrypt your data server side (or at the very least, can
easily decrypt it). And they have proponents of warrantless surveillance on
their board:

[http://www.drop-dropbox.com](http://www.drop-dropbox.com)

~~~
hellofunk
> Dropbox does not encrypt your data server side (or at the very least, can
> easily decrypt it).

I think claims like this need to be backed up.

Now, obviously a biased source, but Dropbox itself says this:

"Each file is split into discrete blocks, which are encrypted using a strong
cipher. Only blocks that have been modified are synced. Each individual
encrypted file block is retrieved based on its hash value, and an additional
layer of encryption is provided for all file blocks at rest using a strong
cipher. Both dedicated internal security teams and third-party security
specialists protect these services through the identification and mitigation
of risks and vulnerabilities. These groups conduct regular application,
network, and other security testing and auditing to ensure the security of our
back-end network. In addition, our responsible disclosure policy promotes the
discovery and reporting of security vulnerabilities." [0]

So we have files that are broken apart, each part encrypted, then the whole
combination encrypted again, then lots of security auditing in-house and
outside, and with incentives for people that discover flaws to report them.
That seems pretty industry-standard to me, but I'd like to know more.

I really have some difficulty imagining a company like Dropbox, which knows
how important the documents it stores are, being careless with security. Not
saying they may not be, but it's going to take more than an HN comment that
includes some politicized perspective about the Bush administration to
convince me.

Furthermore, this article [1] claims that Dropbox encrypts files on the server
even stronger than Google does. It also points out that user behavior is
usually the main security hole, which will always be true with any service.

[0] [https://www.dropbox.com/security](https://www.dropbox.com/security) [1]
[https://www.virtru.com/blog/dropbox-
encryption/](https://www.virtru.com/blog/dropbox-encryption/)

~~~
jasonsync
Yes, Dropbox uses encryption in transit and at rest, and security would
certainly a top priority for any custodian of that much data. Dropbox is an
industry leader, and in many ways sets the course for the entire industry to
follow in this regard.

The issue with Dropbox is that they also have access to your encryption keys,
which means they can easily decrypt and access your files, at their
discretion.

According to Drew Houston (Dropbox CEO), they need access to your files to
offer features like search, to be able to better understand how you're using
the service, ability to integrate with third-parties, and for law enforcement.
Some of these "trade-offs" are mentioned by Mr. Houston himself in this
interview when responding to criticism from Edward Snowden a few years ago:
[https://techcrunch.com/2014/11/04/dropboxs-drew-houston-
resp...](https://techcrunch.com/2014/11/04/dropboxs-drew-houston-responds-to-
snowdens-privacy-criticism-its-a-trade-off/)

More to the point, giving Dropbox (and their affiliates and trusted third-
parties) permission to access to your files is a key provision of the Dropbox
terms of service:

 _Our Services also provide you with features like photo thumbnails, document
previews, commenting, easy sorting, editing, sharing and searching. These and
other features may require our systems to access, store and scan Your Stuff.
You give us permission to do those things, and this permission extends to our
affiliates and trusted third parties we work with._

[https://www.dropbox.com/terms](https://www.dropbox.com/terms)

As Mr. Houston said in the article referenced above, if you want better
encryption there are alternatives.

Disclaimer: I work at Sync.com

------
jasonmaydie
you can change your pin. you can't change your face.

~~~
kibwen
Which is why it's nice that none of the biometric auths can be used without
also having a PIN for backup auth. And also why it's nice that you can disable
biometrics entirely.

~~~
jasonmaydie
The comment was aimed at the Snowden example. If Snowden thought his pin was
compromised he could always change his pin, but once his face is compromised
what does he doe?

~~~
fisherjeff
This entire article was explicitly written to address this line of thinking,
and IMO does so very well.

------
graphememes
Repeat after me.

iPhone X is less secure than the iPhone 8.

Why?

iPhone X: Chances of someone unlocking while you are asleep is 1 in 1

iPhone 8: Chances of someone unlocking while you are asleep is 1 in 200,000

I certainly prefer the latter odds.

~~~
overcyn
Your eyes need to be open for it to unlock. Also someone can't touch your
fingertips when you are asleep?

~~~
graphememes
Some people sleep with their eyes open.

------
emilfihlman
The only secure thing is a thing that only you know and only you can verify
even if you are freely observed.

That is, shared secrets between you and your trusted device (meaning
passwords) are the singular thing that provide authentication securely. Your
password cannot be extracted from your head (yet).

That being said, if your risks are mundane then the benefits of biometric
authentication far outweigh constant password input, not to mention that
constantly entering your password exposes you to other side-channel attacks.

Biometrics for simple access, passwords for changes, modifies and access to
sensitive information.

~~~
liberte82
I wonder if you could hack a person's password from their mind by forcing them
to go through the alphabet and monitoring their heart rate / brain activity
for each letter of their password. There must be a way to detect based on
their reaction when you're on the right character, like a lie detector.

I mean, I guess at that point you could just torture it out of them, but I
wonder if this could work as a method that wouldn't count as torture.

~~~
graphitezepp
I severely doubt that anything like that is feasible. Lie detectors don't
really work so well too, afaik.

------
Crontab
All I know is that I will avoid any system that can work if I am not
conscious.

~~~
msravi
According to the article, the phone won't unlock if you aren't attentive,
i.e., looking at the phone with your eyes open with tiny imperceptible eye
movements.

~~~
rothron
Not looking forward to the video services that demand that you pay attention
to ads before they let you view their content, now that they have the ability
to check.

~~~
ubernostrum
Do they actually have that ability, though? There's a big difference between
"the authentication mechanism has access to this API when you're
authenticating" and "everything always has access to this API at all times". I
haven't seen any indication that this will be generally available on-demand to
applications, and Apple's track record on this stuff isn't terrible (largely
because Apple isn't existentially dependent on advertising like some other
vendors of mobile tech).

~~~
batuhanicoz
The camera and the sensors can be available but I'm certain the auth mechanism
itself won't be accessible. AFAIK they have a dedicated chip for this like
Touch ID and what software can is limited.

------
fortythirteen
For me it's a simple question of cost vs. reward: do I care enough about the
security of whatever data is stored with a company, that I'm willing to give
the company personal information, when their terms of service almost assuredly
give them complete license with it?

This, of course, starts with the question: do I even want to put this in the
cloud to begin with?

Edit: I was talking about two factor auth.

~~~
kibwen
From the OP: _" the data is stored in the iPhone's secure enclave and never
leaves the device"_. It appears that this has nothing at all to do with the
cloud. And if you don't trust Apple's word here, then you also have no reason
to trust that they (or any other handset maker) haven't programmed the camera
to surreptitiously take and transmit photos at all times.

~~~
fortythirteen
I'm talking about two factor auth.

------
symlinkk
This article doesn't really say much of anything. Troy pretty much just
summarized a few slides from the Apple event and then ended the article saying
he was going to buy an iPhone X and is interested to see how Face ID turns
out. I really gained nothing from reading this.

~~~
MBCook
The point of the article is that many people are complaining about FaceID's
security in abstract. The alternatives, like the relatively common 'no
password' or '123456 pin' are much LESS secure than FaceID.

The other arguments people are making tend to be very fanciful scenarios that
don't apply to normal people (state actors, high quality makeup shops with a
perfect face mold of your face, etc).

It may not be perfect but like TouchID it's probably way better than the
alternative.

------
koliber
There is an opposite use case which will make me consider getting an iPhone X
for a long time.

Every so often, I leave my phone at home and I need my wife to get some info
from it. Or my phone runs out of batteries and my wife's phone is there, and I
use to to make a phone call.

With Face ID, these possibilities go away.

~~~
raesene6
If it's implemented in the same way as TouchID, you can always fall back to
PIN.

~~~
koliber
Oh. Thank you for pointing this out. It was not clear to me that this is the
case. From a quick look at their initial marketing material, it seemed like
the way to unlock it was to wave it in front of your face.

------
mtgx
1 in 1 million FAR (false acceptance rate) vs 1 in 50,000 is pretty misleading
(as is Apple tradition).

Do you think someone trying to hack into your phone would shoot 1 million
_random_ pictures/3D profiles made from Facebook pictures at your phone, or do
you think it's far more likely they will already start with _your_ profile
made from online pictures?

That will likely make the success rate even higher than with fingerprints, as
it's significantly easier to get someone's photos than it is to get their
fingerprints.

> Laughs were had, jokes were made but the underlying message was that Face ID
> isn't foolproof. Just like Touch ID. And PINs.

No, not "just like". There is a huge difference between most fingerprint
authentication mechanisms and most face unlock mechanisms (at least so far).
Most of them could be tricked with a 2D picture - including Samsung's latest.
It's very annoying to see such a statement from someone like Troy Hunt. Plus,
I have a hunch he'll be eating many of the words he wrote in a few weeks when
Face ID will prove much easier to hack than Apple made everyone believe it
will be.

~~~
admiralpumpkin
Per Apple Face ID doesn't work with photos; TBD in real world.

~~~
macintux
If they created photorealistic masks to defeat the 3D mapping and those didn't
work, I feel pretty confident in saying that photos won't work.

~~~
MBCook
I think it would be really cool if it turned out that it could tell the
difference between some pairs of identical twins due to seemingly
imperceptible differences.

~~~
macintux
I'm sure it's not 100%, but I'd bet it's close. Certainly by young adulthood
the identical twins I've been around have been relatively easy to distinguish.

~~~
MBCook
That's sort of my theory. But I wonder how much of people's ability to
distinguish identical twins is based on physical differences vs more subtle
things like how they carry themselves/interact with the world.

~~~
kccqzy
Some twins I've known deliberately create physical differences like different
hairstyle so other people can recognize them easily without interactions.

