Since the invention of the password, you’ve been told to keep yours a secret. Now Apple wants your password to be your most public feature: your face.
That may take some convincing. Most people probably haven’t been exposed to facial recognition technology in their daily lives. To the degree they’re aware of it, they may well be suspicious after years of easily tricked facial recognition software and uncertainty about biometrics in general.
Enter the iPhone X, the 10th anniversary edition of Apple’s flagship phone, and its Face ID system, which scans your face using an array of cameras and sensors to unlock the device. It’s a follow-up to Touch ID, a fingerprint sensor introduced with the iPhone 5S in 2013.
“Nothing has ever been simpler or more secure,” Apple’s marketing chief Phil Schiller said during Face ID’s reveal on Tuesday.
Touch ID had its share of skeptics when it was released, including politicians who raised privacy concerns about biometrics. That was just for fingerprints. Now Apple has to convince you to use your face to get into your iPhone, even as tech companies wrestle with public concerns about security and privacy. But now that people have grown comfortable with Touch ID, Apple has taken it away from you as an option for the iPhone X. It’s Face ID or a passcode.
The majority of Americans don’t trust companies to keep their data private — you can probably name half a dozen data breaches off the top of your head. What are we supposed to think of Apple providing a safe place for data about something that’s uniquely you? The tech on the iPhone X has a daunting job ahead of it.
Apple declined to comment beyond the keynote or its public documents about Face ID.
Biometric identifiers offer several advantages over passwords. It’s convenient to unlock a device just by looking at it or holding your fingerprint on a scanner, much more so than typing in codes. Biometric “passwords” are hard for hackers to steal, and they don’t force you to remember anything. Perhaps best of all: They’re unique to you. If law enforcement comes knocking, you might be forced to unlock your device, but that’s another story.
Yet facial recognition has a bad rep because of all the failures it’s had in the last five years.
The technology has been easily tricked by pictures. It didn’t work in the dark. In some cases, people wearing glasses stumped it.
“Earlier facial recognition just didn’t work very well,” said Dasha Cherepennikova, the chief security officer of One World Identity, a privacy research company. “There’s a lot of concerns. Apple is saying they made something mass-market that actually works.”
To do that, Apple has taken the slow-and-steady approach it always has. It wasn’t the first to use a fingerprint scanner to unlock devices and it isn’t the first to use facial recognition, either. Apple took its time to make sure Face ID didn’t slip into the same pitfalls its predecessors did.
Slow and steady
Facial recognition existed on Google’s mobile operating system as early as 2011, when Face Unlock was introduced in Android 4.0. People have been tricking facial recognition since then, too. It was as easy as holding a photo of a face up to the camera on your phone, which couldn’t tell the difference. You would think that in the last six years, this would have stopped, but nope, just this month it , one of the most powerful devices running Android.
When it’s this easy to fool facial recognition technology, public trust in biometric security is bound to drop. Research from RSA Security and Harris Poll found that only 28 percent of consumers trust facial recognition as a password. After Apple announced Face ID, former NSA contractor Edward Snowden, who leaked classified documents about the agency’s widespread spying, raised concerns about normalizing facial recognition.
Snowden said in a tweet it was a “tech certain to be abused.”
“There’s a lot of vendors who rushed facial recognition to market,” said Jim Ducharme, RSA’s vice president of engineering and product. “Not only were there concerns about privacy and security, but the usability of it.”
So Apple had to develop a system that couldn’t be tricked by pictures or 3D-printed models. The iPhone X doesn’t rely solely on a camera to recognize your face. It uses scans from an infrared camera, a depth sensor and a dot projector that looks at about 30,000 spots to recognize your facial pattern.
The phone scans in 3D, so static images won’t work. Apple worked with Hollywood mask makers to defend against fake faces, boasting that it’d be athat Face ID gets tricked by a replica.
“Me holding up a picture of somebody is rather useless because it’s not the infrared image,” Ducharme said. “The approach that they’re using to recognize the face is very different than using a camera to take a selfie.”
The iPhone X won’t be available until November, so we can’t test it for ourselves yet. But Apple has already demonstrated that its facial recognition uses more robust scanning than a single camera.
“Apple basically waited until they had the technology that they could implement how they wanted to,” said Andrew Blaich, a security researcher at Lookout. “They took their time, and made sure they had tested it properly.”
As with Touch ID, all the data points from your face will be stored on the iPhone X’s Secure Enclave, a part of the phone’s processor with its own encrypted memory. The data won’t be sent to a server that Apple owns, where hackers might be able to break in and steal massive amounts of private information,.
Losing biometric data could be catastrophic for security if hackers do figure out a way to crack into accounts. Your face isn’t as easy to change as passwords are.
“That’s where a lot of those challenges are for companies like Apple,” Chad Holmes, an analyst at Ernst and Young, said. “Vendors are really at notice on how they store their data now.”
Storing biometric data on the device instead of a server is a common practice, something Samsung and Microsoft also do for their facial recognition. Hackers would have to get physical access to steal any biometric data. If there are concerns that Apple is secretly sending your facial scans and fingerprints out, a traffic analysis might allay them.
“I’ve done reverse engineering and watched the data flow for the Secure Enclave. There is no data being sent anywhere,” said Pepijn Bruienne, a research engineer with Duo Security. “Face ID will be very similar.”
Facing the future
Face ID is here to stay for future generations of the iPhone, which means Apple will have to deliver on its promise for facial recognition. It’s already off to a bumpy start: Face ID appeared to fail during a live demonstration at the iPhone X launch.
People won’t want a biometric that doesn’t work, no matter how cool it seems. Everyone can get by fine with the PIN codes that are already required for the iPhone X. Security and privacy are major concerns for Face ID, but the feature will live and die on convenience.
Apple already introduced features that will help it scan faces in the dark and a neural network that learns to recognize your face over time, even if you grow a beard or acquire a scar.
The iPhone maker might have shown up late on facial recognition, but it was putting precautions in place to make sure it didn’t crash and burn.
“If the user experience is very smooth,” Blaich said, “you’ll see the adoption grow quickly.”
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.
Special Reports: CNET’s in-depth features in one place.