
Face ID flop: Chinese colleagues can both authenticate iPhone X - doener
http://pocketnow.com/2017/12/15/face-id-flop-chinese-colleagues-can-both-authenticate-iphone-x
======
tgb
This is what one in a million looks like.
[https://blogs.msdn.microsoft.com/larryosterman/2004/03/30/on...](https://blogs.msdn.microsoft.com/larryosterman/2004/03/30/one-
in-a-million-is-next-tuesday/)

~~~
BillinghamJ
For computers, not humans...

~~~
mikeash
There are millions of iPhones X and billions of humans. It definitely applies
to humans if you look at a worldwide scale.

~~~
JimDabell
Some estimates put iPhone X sales this quarter at 30m. And don't forget that
people are generally poor at estimating probabilities like this, consider the
birthday problem as an example. It takes a group of ~1,200 people for a one in
a million collision to be more likely than not to occur. It's very unlikely
for it to happen to _you_ , but it's very likely to happen to _somebody_.

------
neom
We got a friends phone to unlock with her sisters face, but it required the
phone to fail, enter correct passcode, fail, enter correct passcode. After two
failed attempts (consistently, and after retraining) the iPhone had added
enough of her sisters face that her sister could unlock it. I wish these
unlock articles would state if the phone was "trained" to learn the new face.

~~~
Someone1234
I get a little annoyed with this defense.

Automatic re-train is a "feature" you cannot turn off, cannot turn on, have no
visual feedback that it occurs, and ultimately weakens the security of your
device.

If this is what is causing Face Unlock to fail then that's still just as much
Apple's responsibility than any other methodology. You also have no way to
knowing how much re-train has occurred since Apple doesn't provide that
information.

~~~
lotsofpulp
Looks like you can disable FaceID pretty easily:

[https://support.apple.com/en-us/HT208108](https://support.apple.com/en-
us/HT208108)

To disable Face ID, open Settings > Face ID & Passcode, and tap Reset Face ID.
Doing so will delete Face ID data, including mathematical representations of
your face, from your device. If you choose to erase or reset your device using
Find My iPhone or erasing all content and settings, all Face ID data will be
deleted.

~~~
tonmoy
I think the GP was referring to turning off the auto train on faces when
entering the correct passcode feature

~~~
lotsofpulp
Oh oops, I didn't read carefully enough. Regardless, I think if you're
interested in real security, both TouchID and FaceID are terrible (easy to use
your body, by force if necessary, to bypass those), and passcode is the only
secure option. FaceID and TouchID are just conveniences not affordable to
those who have something to lose.

~~~
happythomist
There's nothing stopping a malicious actor from acquiring a passcode by force
as well.

[https://xkcd.com/538/](https://xkcd.com/538/)

------
kevinsimper
It is pretty bad that a colleague can unlock your phone, but they would also
be able to see and remember your 4-6 number pincode to unlock your phone as
well, even touchId can be fooled by a person who happens to have a very
similar fingerprint.

I feel Apple should let your train the FaceID a bit more so that it is more
correct, or maybe a setting on how precise the match should be, as this is a
clear example of where the Face detection is too loose to ease the user
compared to the lower security.

~~~
mikeash
According to Apple, Touch ID is far more likely to fail in this way. They say
the false positive rate is 1 in 50,000 per fingerprint, and you can enroll up
to five fingerprints, so the chances could be as high as 1 in 10,000. Face ID
is supposedly 1 in a million. That’s still high enough that we’d expect to see
stories like this from time to time.

~~~
addicted
This completely ignores locality.

As far as I am aware there is no reason to believe siblings or relatives
should have similar fingerprints. On the other hand relatives are more likely
to have similar facial features.

So for the people who have regular access to your phone, there is no reason to
believe the fingerprints should be similar. There is reason to believe their
appearances would be.

~~~
mikeash
I bet the security is still pretty good even with similar-looking people.
Otherwise we would have heard a lot more stories like this by now.

In any case, I’m not trying to defend against my brother, I’m trying to defend
against a random thief. They probably won’t look too much like me.

~~~
ggg9990
A lot of people are trying to defend against their family member much more
than against a random criminal.

~~~
mikeash
Those people should consider a difference device, then, or only using a
passcode.

------
nerdponx
There's a really, really easy solution here: _don 't buy an iPhone X_.

If the technology is bad and dangerous, stop buying it. Publicly and loudly
discourage people from buying it. Go to the media, drum up hysteria about the
dangers of FaceID. Bury the technology under public skepticism. Convince
people that biometrics are dangerous and put them at much greater risk than
before, and send a clear message to the industry when biometric sales tank.

Anything else is hypocrisy.

~~~
wklauss
> There's a really, really easy solution here: don't buy an iPhone X.

Or buy one if you want one and use an alphanumeric passcode if you don't like
biometrics.

~~~
wtetzner
That works until they stop offering the ability to use a passcode.

~~~
wklauss
Have they suggested they'll do such a thing? I'm pretty sure that will never
be the case.

And if for some reason they do, change platforms then.

~~~
userbinator
Did Apple suggest they would remove the headphone jack when they introduced
their first iPhone with BlueTooth?

Long ago, no one thought mobiles and laptops would not have removable
batteries either.

~~~
valuearb
Apple never removed the headphone jack from my 6s, but i shouldn’t have bought
one cause they removed it from done other device?

The idea Apple would remove passcodes is a paranoid fantasy on par with them
removing the touch screen to force you to use Siri.

------
stmfreak
We should not use biometrics to unlock anyway. I keep waiting for apple to
combine biometrics with passcode, but they don't and seem unwilling do offer
that as an option... why is that?

To be clear: face ID should authenticate you are the valid user, then prompt
you for your passcode. Wrong face? No passcode challenge.

------
zimpenfish
Is there a decent verified source for this with evidence? Every report of this
I've seen has been sourced from the single same place.

------
bloudermilk
Flagged. Site redirects to phishing site on iOS

------
Friedduck
Downvote. Pocketnow redirects to a scam site.

Face ID is an answer to a question no one asked. I’m sure I’d acclimate but
the fingerprint reader works brilliantly.

~~~
jamesrcole
> fingerprint reader works brilliantly

I'm not making any comment on Face ID, but the fingerprint reader does not
work brilliantly. I think it's pretty good, but it has some major
shortcomings.

It works really poorly if you have moisture on your fingers (which is not
uncommon for me). And on a number of occasions I've accidentally (and
unknowingly) unlocked my phone while it's been in my pocket and subsequently a
bunch of crazy stuff has happened (web-pages being opened, clicked through to
weird places, accidental reply to an SMS etc).

------
627467
Queue in racism accusations...

~~~
rainbowmverse
It depends on how you define racism. The meaning people use when calling stuff
like this racist is not meant as an insult, and it's not even a comment on the
character of the people doing it. Good people can do racist things by this
definition since it's focused on systems instead of individuals.

Unfortunately, people rarely define their terms when talking about sensitive
subjects. It'd save a lot of people a lot of stress.

------
jihadjihad
I'm going to stick with TouchID. Even if my twin brother chose the same
passcode as me and was able to unlock my phone with FaceID, he couldn't get
past the fingerprint scanner.

~~~
pilif
Well. If he knows your passcode, TouchID won’t be of any help anyways. Neither
will FaceID of course

