In the second article of my on going iPhone X review, I will focus on a completely new feature for iPhones and iOS, Face ID.
When an entity implements a way of protecting information, it is a trade off of two factors: security and convenience. The ideal is to make something secure yet not so burdensome for the user that they would not use it.
There is one thing that Apple takes seriously, when it comes to their customers. That item is security. When the iPhone was originally released the only security allowed was a four digit passcode. This made it quite convenient when you needed to unlock your iPhone. While there was only a limited number passcodes that could be chosen, there is an option for users to erase data after ten invalid passcode attempts. Even if a user decides not to erase the content, there is an every increasing timeout for each invalid guess.
As iOS matured, and technology in the iPhone advanced, additional passcode options were added. If you opted to you could create a longer than 4 digit passcode. While it is easy for many users to remember a four, or even six, digit passcode, it is not the best security method. While there are many times when a user may wish to use a secure and long passcode, given the potential number of situations where a user may have to enter in their passphrase, some users could be turned off by this. When this occurs they may end up reverting to a less secure passcode.
To help deter this behavior, but also to provide some convenience, Apple introduced a new feature in 2013 with the release of the iPhone 5s. The iPhone 5s introduced a new feature called Touch ID. Touch ID could be used not only for unlocking an iPhone, but could also be used for purchasing items from the iTunes Store, Apple Store, or even within apps. Touch ID is also capable of unlocking files within applications, or even unlocking applications themselves; provided the developer included this functionality.
Touch ID allows users to have a more convenient method of performing these actions. The biggest benefit of Touch ID is that users did not have to constantly enter in their passcode, or passphrase. Instead they could register their fingerprint with their iPhone and use their finger to authenticate themselves for purchases or for unlocking their device.
There are often times that an iPhone user may want to allow others access to their iOS device. This could be a child, spouse, or anyone whom with they trust their iOS device. How does Apple guarantee the security of the fingerprints that are put into an iOS device?
Touch ID Security
When somebody thinks that their fingerprint can be used to perform a transaction, they may be deterred because of misinformation. Apple’s take on security is one where it wants its users to feel secure and know that their information will not be compromised. The manner in which Touch ID actually works is by not taking an image of your fingerprint, instead iOS creates a mathematical representation of the fingerprint that you are registering. This mathematical representation is held within the Secure Enclave of the A7, or newer, chip. Nothing has direct access to what is stored on the chip. There is a direction connection between the Touch ID sensor and the secure enclave and nothing in between. This is the first step in the securing of a fingerprint.
Users often want to use their iPhone to make purchases. This could be from the iOS App Store, the iTunes Store, or even from within an application. While many users may trust Apple with their information, they may be less trusting off a third-party developer. If a developer implements Touch ID, when they request a fingerprint, they do not get access to the Secure Enclave to pull in the fingerprint information. Instead the developer requests that user authenticate with Touch ID, and the developer gets back a simple “Yes” or “No” as to whether the Touch ID fingerprint hash matches the one saved in the secure enclave.
With Touch ID you could have up to five fingerprints registered for any single iOS device. This could allow various individuals to use the Touch ID sensor without necessarily needing to enter in the passcode or passphrase. Yet, there were still instances when Touch ID would require the passcode or passphrase again.
When Touch ID did not work
There are a number of situations where the passcode or passphrase to an iOS drive would be needed before Touch ID could be used. The most common is when a user rebooted the iOS device, the passcode or passphrase would be needed. A second occasion would be if the iOS device had not been unlocked with Touch ID in the last 48 hours. This was a security measure to allow users to feel safe knowing their data could be retrieved without the passcode or passphrase. The third would be if Touch ID failed to authenticate five times in a row. Again, this was a precautionary feature in case someone was trying to purposely, or inadvertently, unlock a Touch ID-protected iOS device.
There could be many possible other occasions when Touch ID would fail. One that was often encountered by users is if their finger was wet and Touch ID could not get a good match. One possible work-around for this specific condition was to register a fingerprint while your finger was wet. This would not work 100% of the time, but it could work in many cases.
One of the features of the iPhone X is the edge to edge screen. This results in there being no home button. How does one handle authentication without a home button and no Touch ID? This is where Face ID comes into play.
Face ID is akin to Touch ID in the fact that both are biometric. Instead of using a fingerprint, Face ID uses different aspects of your face to unlock your iPhone X. If you upgrade from an older iPhone and you have allowed some applications access to Touch ID, those apps that you have allowed should request access to use Face ID. If you grant them access, it should work in the same manner as Touch ID. Let us look at the sensors that make up Face ID.
True Depth Camera
Face ID uses a number of sensors that are stored within the notch on the iPhone X. The sensors within the notch are collectively called the “True Depth Camera”. There are a number of sensors included within the True Depth sensor.
There are some sensors within the True Depth Camera, but these are not unique to the iPhone X. This group of sensors is:
- Proximity sensor
- Ambient light sensor
- Front Camera
Let us look at the iPhone X specific sensors. These sensors include:
- Infrared Camera
- Flood illuminate
- Dot projector
Face ID Setup
When you setup Touch ID Face ID requires a lot less setup than Touch ID. With Touch ID you were required to place and lift your finger approximately ten times in order to allow Touch ID to get a good reading on your finger. With Touch ID there are only two steps. You have to scan you Face twice. That is all that is required to configure Face ID. When you setup Face ID you have to turn your head in a circle to allow the Tru
How Face ID Works
The three sensors mentioned above, the Infrared Camera, Flood Illuminator, and Dot Projector, all work in conjunction with each other to allow Face ID to operate in all sorts of lighting conditions. The Dot Projector will put over 30,000 individual points of light on your face. Each iPhone X has its own pattern for these dots. This allows Face ID to always use the same places, but adds an additional layer of security. By not having a singular pattern with every iPhone, if someone were able to get the data stored within the Secure Enclave, it would effectively become useless, because the patterns for each iPhone is different. This is similar as to including a per-user hash to secure passwords. The infrared camera will then begin to scan your face and if it closely matches what is stored in the Secure Enclave, it will unlock your iPhone X.
If for some reason, Face ID cannot get a close enough match, it will request the iPhone X’s passcode. If this is entered properly, Face ID will incorporate the readings that it could not match, and learn so that it may be able to match better the next time.
Fingerprints are unlikely to change over one’s lifetime. But, one’s physical facial features may change quite often. One of the upsides to Face ID is that it can learn. Face ID is able to learn due to its own custom neural network which is used to detect a face even when different aspects change. You can change your hair, add or remove a beard, glasses (including sunglasses), or any number of possible variations and Face ID should be able to detect you. If Face ID does in fact fail to recognize you and you immediately enter in your passcode, the Face ID algorithm will learn that its false detection should have been a success. This helps allow Face ID to recognize you more often.
Face ID Security
In the same manner that Touch ID stored its mathematical representation of your fingerprint in the Secure Enclave, Face ID also stores its learnings in the iPhone X’s Secure Enclave. What is stored in the Secure Enclave is more than just the representation of your face, but also the initial scan with the 30,000 individual dots that was scanned. This is stored so that Face ID can learn about your face and re-apply the latest machine learning, through neural engines, that are available. This means that Apple can update their algorithm and not require you to take another new face scan.
Just like with Touch ID, developers do not have access to this data. Even with the Face ID camera, the learning engine and sensor data that is available to Apple and iOS, is not available to developers. This means that they will not have the same range of data available to Apple, but this is likely for your best interest.
There is an additional feature of Face ID that also doubles as a security feature. That feature is “Attention Awareness”. There are actually two options to “Attention Awareness” within Settings -> Face ID & Passcode that can be set. The first is “Require Attention for Face ID”. This setting will verify that you are actively looking at your iPhone X before it will unlock. There is a possible downside to this setting. Some sunglasses, particularly if they block infrared, will not allow this to work. In those cases you will have to remove the sunglasses before this feature will work.
The second option is “Attention Aware Features”. This setting will check for attention before dimming the screen or reducing the volume for alerts. With this setting enabled if you are actively looking at your iPhone X and an alert comes in, the notification volume will be reduced because you should already be able to see the notification on the screen. The other aspect to this setting is that if you are looking at the screen it will not dim, after the timeout that you have set. While the dimming of the screen is on all other iPhone Models, with Face ID this can be mitigated on the iPhone X, which will allow for an overall better experience.
No matter whom the source of a new piece of technology is there are bound to be some tradeoffs; Face ID is no different in this manner. With Touch ID you are able to register up to five fingerprints on a single device. Face ID suffers a bit in this area. As of right now, Face ID only allows you to register a single face.
This is a first generation product and it will only improve over time. It is entirely possible that Apple left storage space within the Secure Enclave for more than one face, but Apple may not be confident enough that the neural networks that are working with Face ID are able to differentiate individuals enough to allow a second face to be registered.
While Face ID has better security, one in a million chance of unlocking with Face ID versus one in fifty-thousand with Touch ID, there are still some cases when Face ID may fail to recognize you. There are certain aspects to a face that Face ID must be able to see in order to get a positive detection. This includes, your eyes, nose, and mouth. As long as these items are present, Face ID should work. There are some other areas where Face ID may not work properly.
If you are under 13, your facial features may not be distinct enough to work. However, if you are able to successfully train Face ID with someone who is under 13, and they have siblings, this may be a way to allow all of them to unlock an iPhone X using their face. This may only be a temporary solution, but it may work. Similarly, if you have an identical twin, they will likely be able to unlock your iPhone X. Along these lines, if you have two, or more, family members who look similar, you can train Face ID to allow those individuals to unlock it. iMore has a good write up about a pair of brothers who did just that.
Final Thoughts on Face ID
Is Face ID perfect? No, it is not. Even with some of its limitations, Face ID is a a good iteration on Touch ID for the iPhone X. The biggest downside of Face ID is that only one face can be registered at a time. This will affect those who wish to allow others easier access to their devices, instead of having to enter in a passcode every time. Unfortunately, it is what it is. The convenience of Face ID over Touch ID cannot be understated. In most interactions, when your face needs to be scanned, you are already looking at the iPhone X and the scan is so quick, it is not really an inconvenience.
Face ID takes the convenience of Touch ID and supercharges it. Face ID on the iPhone X is a complete game changer, not just for security but for overall convenience. There are some specific items related to Face ID that require their own in-depth look. These are Animoji, Apple Pay, Gestures, and Passwords and these are the focus of the next article.