Many smartphones include facial recognition systems that allow users to unlock their devices with just their faces, but is using them a good idea? Here is what you need to know to make an informed decision.
By the end of 2020, experts predict that more than 1 billion smartphones will include facial recognition systems, allowing users to unlock their devices with just their faces. In some cases, they will also be able to use these systems for other purposes such as authorizing payments and accessing apps. But is using face authentication a good idea? To answer this question, you need to know the advantages and disadvantages of using it.
The Main Advantages of Face Authentication
Face authentication offers several advantages over traditional password/passcode authentication. One of the main benefits is that face authentication is very convenient to use. With face authentication, users do not have to create and then try to remember strong passwords or passcodes. They just have to scan their faces to unlock their phones, so forgetting a password or passcode is no longer a worry.
Another important benefit of using facial recognition is that it can provide better security compared to using passwords and passcodes in some situations. Password/passcode authentication provides effective protection for phones when strong passwords or passcodes are used. However, complex passwords and passcodes are hard to remember, so users often create ones that are short or obvious (e.g., a phone number or birthdate). Weak passwords and passcodes are much easier for malicious individuals to crack or guess if they find or steal a phone.
The Main Disadvantages of Using Face Authentication
The main disadvantage of using facial recognition is that all face authentication systems are not created equal. On the surface, the systems in various phones might appear to work the same way, but the underlying technologies differ depending on the device manufacturer. As a result, the face authentication systems in some phones are more secure than others — and none of them are perfect.
For example, the Face ID system in Apple iPhone 11 and iPhone 10 devices is much more sophisticated than the Face Recognition feature in Samsung Galaxy S10 phones, according to experts. As a result, Galaxy S10’s face authentication is more easily fooled. For instance, when its “Fast Recognition” option is enabled, a photo or video of an individual can be used to dupe the Face Recognition feature into unlocking that person’s phone — even when the photo or video is displayed on another phone. Malicious individuals just need to have the two phones facing each other within close proximity. Since numerous photos and videos are posted on social media sites, this could pose a serious threat.
Even advanced face authentication systems like Face ID experience issues. For example, Apple acknowledges that Face ID can have problems distinguishing between siblings who closely resemble each other (e.g., identical twins).
Plus, researchers have discovered Face ID can be fooled other ways, one of which was revealed at the Black Hat USA 2019 conference. For Face ID to work, a user’s eyes must be open and looking at their device. This prevents someone from unlocking a phone by simply pointing it at the user’s face while they are sleeping. However, the researchers discovered they were able to circumvent this safeguard by putting a pair of modified glasses on a user’s face while he was asleep. They used this hack to unlock the victim’s phone and transfer some money using a mobile payment app that supports face recognition. The researchers found that modifying the glasses was not hard, as it only required placing tape on a specific spot on each lens. A much more difficult task was trying to put the modified glasses on the victim’s face without waking him up.
As of this writing, iPhone X and iPhone 11 devices — like most or all of the other phones with face authentication — do not give you the option of using two-factor authentication to unlock phones. In other words, you cannot set up your phone so that both Face ID and a passcode are required to unlock it.
What Should You Do?
In some situations, using face authentication is better than using passwords or passcodes to unlock phones. Besides being convenient, it eliminates the risks associated with having bad password/passcode habits (e.g., creating weak passwords or passcodes, reusing them). But face authentication systems are not infallible, especially on phones that do not use advanced facial recognition technologies.
So, deciding whether or not to use face authentication to unlock your phone is largely a matter of personal preference. For example, if you tend to use weak passwords or passcodes (or just hate entering them), you might want to take advantage of your phone’s face authentication system. If you have a twin or doppelganger (or the idea of using your face as your password is unsettling), you might want to stick with using password/passcode authentication.
iPhone unlock flickr photo by Elaine_Smith shared into the public domain using Creative Commons Public Domain Dedication (CC0)
