Face ID: Is it Secure?

“Your face is your password.” You’ve probably seen Apple’s recent promotions of the iPhone X and its Face ID capabilities. With Face ID, your iPhone X will recognize your face and open at a glance, whether you are in total darkness or have grown a beard. Apple is not the only tech company embracing facial recognition systems. However, with increased mobility in business, the new iPhone X raises the question: is Face ID secure?

Is Your Face Data Secure?

If your face is your password, could anyone steal your face? As with Touch ID in the past, according to Apple, your face data is securely stored on your device and never backed up to the Cloud or any server. The data is stored on the phone’s Secure Enclave security chip. This chip is the most secure part of the phone, making it incredibly difficult to steal data and reconstruct a face from it. That said, hackers love a challenge and could possibly make an extraordinary breakthrough; you cannot completely rule it out. In short, though, your face data is pretty secure.

Is Your Phone Secure?

Does your face make for a good password? After the Galaxy S8 was released with a facial recognition system in 2017, it turned out the scan could be hacked simply by holding up an image of someone’s face to their phone. A similar hack was used on Microsoft Windows 10 Hello face authentication. Because Apple’s Face ID uses more sophisticated dual cameras and infrared dots, it is not so easily compromised. However, some hackers have successfully used high-quality 3D masks to bypass Face ID. Of course, these masks are more difficult to come by than a photo, but this proves that hacking is still possible.

Perhaps more problematic than hacking is the issue of involuntary login. If you are under duress (kidnapped by criminals or detained by the police), others can hold your phone up to your face until you pass a Face ID scan. In other words, it would be fairly simple to force access into a Face ID-enabled device.

It is crucial for consumers and business owners to keep face recognition security issues in mind. Most companies utilize mobile devices, and many individuals have one device for both personal use and work. Talk to your employees about facial recognition systems and institute clear security policies for mobile devices. In most cases you can opt out of facial recognition systems or use them as a part of a multi-step passcode. If your employees have access to business data on mobile devices, ensure that they are using strong and, when possible, multi-step passcodes. Your face should not be the password to access your business. For more information on mobile security in business, check out this blog post.
