This article originally appeared in TidBITS on 2017-08-18 at 6:15 a.m.
The permanent URL for this article is:
Include images: Off

Preparing for a Possible Apple “Face ID” Technology

by Rich Mogull

While it seems as though we’ve had fingerprint sensors on our iPhones and iPads forever, Apple released Touch ID just four short years ago, forever changing our expectations for how we unlock our devices. (For more details about how fingerprint scanners work, see my article “Q&A about Fingerprint Scanning [1],” 10 September 2013.) Touch ID was a sneaky little innovation that improved security for everyday iPhone users with an option that was as easy to use as picking up your phone.

The real innovation with Touch ID wasn’t in adding a fingerprint reader to a smartphone — Apple was far from the first to do that — but in how Apple tied Touch ID to the iPhone’s hardware, keychain, and long passcodes. Touch ID doesn’t replace passcodes; it supplements them. In essence, your fingerprint “unlocks” your passcode, which in turn unlocks both your iPhone and the keychain that stores all your app passwords.

All this is managed and protected by special security hardware built into the Secure Enclave coprocessor that’s integrated into the A7 and later A-series chips to handle encryption and key management. Your fingerprint never leaves your device — heck, it can’t leave your device — and the fingerprint itself is never needed or used outside the Secure Enclave.

The result is that iOS users can have the security of a strong passcode with the convenience of no passcode at all. Yes, Apple does require users to enter their passcodes occasionally and under certain conditions, but overall, in day-to-day use, you don’t have to worry about entering six or more characters every time you want to unlock your iPhone to respond to a text message. The main downside of Touch ID is that it requires physical space on the front of the iPhone that could be used for screen real estate.

While it’s usually risky to comment on hypothetical Apple products, Apple recently, and undoubtedly accidentally, released the firmware for its upcoming HomePod [2] smart speaker. Filled with references to other upcoming products and technologies, the firmware release makes it reasonably probable that Apple will release an updated iPhone that relies on facial recognition, rather than a Touch ID sensor.

Facial recognition is an entirely different kind of biometric technology that’s historically far more difficult to implement than a fingerprint reader. While fingers do get wet, dirty, or scratched, modern sensors rely on more than just the ridges and whorls, and devices like iPhones can store multiple fingerprints.

As anyone who has looked in a mirror in the morning can tell you, faces change throughout the day. We wear glasses, move into different lighting conditions, and some men don’t shave on a regular basis. Worse, in this age of selfies, there is no shortage of high-resolution photographs of our faces on the Internet, and many people have high-quality printers. Hackers recently defeated Samsung’s facial recognition system [3] with a photo and a contact lens.

I have no idea how a potential “Face ID” might work, but I do know what I’m going to look for if Apple adds facial recognition to its iOS security arsenal. If we consider how Apple usually handles these transitions, we can make certain assumptions about what it might look like. The key is to evaluate equivalence, rather than exactness. We don’t care whether Face ID (we’ll roll with that name for now) works exactly like Touch ID — we just need it to be close enough, or even better in other ways.

Before you start panicking about a world in which someone can unlock your iPhone by holding up an iPad with a picture of you on screen (let’s be honest, that’s the first hack we’ll all try), let’s think through the problem and what to look for if Apple does indeed release Face ID.

Is Face ID as Secure as Touch ID? -- The answer to that question is more than a simple yes or no. When I look at the security of Touch ID today, I can see three aspects to consider if Face ID appears:

Is Face ID as Capable as Touch ID? -- As I mentioned, the genius of Touch ID was that it enabled consumers to use a strong password with the same convenience as no password at all most of the time. This was one of the biggest differentiators between Touch ID and previous phone-based fingerprint approaches — the harmonization of the fingerprint with the passcode. In terms of ease of use, you should focus on four criteria:

Determining Success -- If Face ID becomes a reality, plenty of articles will focus on all the differences from Touch ID. Plenty of people will complain that it doesn’t work exactly the same. And plenty of security researchers will find ways to circumvent it. But what really matters is whether Face ID hits the same goal, which is to:

Allow a user to use a strong password with the convenience of no password at all, most of the time.

Face ID doesn’t need to be the same as Touch ID — it just needs to work reasonably equivalently in real-world use. I won’t bet on Face ID appearing in a future iPhone, but I will bet that if it does, Apple will make sure it’s just as good as Touch ID overall. In the event that it ships, I think Face ID will be as hard or harder to fool, will tie into the Secure Enclave, will be extremely fast, and will work in most of the real-world situations that have stymied previous attempts at smartphone-based facial recognition.