Is Face ID More Secure?

By István F. — Verified by Sander D. — Last updated: December 12, 2024 — (0)

Table of contents

face id unlock

With the iPhone X Apple has introduced Face ID, an authentication method the company claims is more natural than touch. Instead of typing a six-digit passcode or authenticating with their fingerprint, users will simply look at their iPhone X to unlock it.

The technology behind face ID

To make this possible Apple uses a complex system of multiple technologies: a dot projector, an infrared camera and flood illumination. The technology, branded as the TrueDepth camera system, captures face data by projecting and analyzing more than 30,000 invisible dots that create a depth map of the user’s face, while simultaneously capturing an infrared image of the face. That data is then sent to the “Secure Enclave”, and a portion of the A11 Bionic chip’s neural engine transforms the depth map and infrared image into a mathematical representation, and compares that representation to the stored facial data, as explained by Apple in a support document.

Face ID is designed to understand user facial changes – such as makeup, facial hair, hats, scarves, glasses, contact lenses and sunglasses. For significant changes, such as shaving off a full beard, Face ID confirms your identity by requiring a passcode, which is when the face data is updated.

Why do I need to keep my eyes open for face ID to work?

An interesting aspect of Face ID is that users need to keep their eyes open to unlock the device. Apple doesn’t explain why, but this is likely an extra layer of security to make spoofing harder. An Apple patent application for “embedded authentication systems in an electronic device” filed in 2013 and published by the U.S. Patent and Trademark Office in mid-2017 gives us a hint at how this extra security is achieved. The iPhone’s infrared camera can be used to project light into the user’s eye, the reflection of which is then detected by a lens or optical sensor. The sensors built into the iPhone may detect movements of the user’s eyes, for example, by tracking the position and movement of a user’s retina, iris, blood vessels, or any other feature of the user’s eyes.

Security concerns of face ID

60% off RoboForm for Best Reviews readers

Commit to RoboForm using Best Reviews' exclusive discount and enjoy a discount of 60% off the regular price.

/goto/roboform/ Click to show code

The introduction of Face ID has prompted Senator Al Franken to send a round of questions asking Apple to clarify the privacy and security safeguards it has in place for biometric data. Franken was concerned that Apple could use the face information (known as faceprints) it collects through Face ID “to benefit other sectors of its business, sell it to third parties for surveillance purposes, or receive law enforcement requests to access its facial recognition system – eventual uses that may not be contemplated by Apple customers,” he wrote. Apple says the Face ID data doesn’t leave the device and is never backed up in iCloud or anywhere else. The probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 compared to 1 in 50,000 for Touch ID, according to the iPhone manufacturer.

Spoofing your biometrics

Along with Sen. Al Franken, future users have good reason to worry: so far, face recognition systems have been very easy to defeat. Security researchers bypassed such systems with a simple image printout, or by using a video showing the owner blinking.

In theory, spoofing Face ID will be harder due to the TrueDepth camera system that captures the 3D shape of the user’s face. But it isn’t impossible, and Apple is aware of that. As Marc Rogers – a security researcher at Cloudflare – puts it, the excellent user experience Apple is after forces the company to make security compromises.

Apple acknowledges the limitations of Face ID by having a passcode as a backup, which is used (instead of Face ID) when users first connect their iPhone to a computer. Secondly, iOS 11 allows users to disable Face ID or Touch ID by pressing the power button five times. That’s definitely a win for the good old passcode and shows that even Apple is aware that biometrics are not ready to replace passwords and passcodes just yet.

Best password managers of 2025

Editors' choice

Editor's rating:

(4.5)

Effective security center

Passkey compatibility

Intuitive and organized interface

Affordable prices

Visit RoboForm
Reviews

Families

Editor's rating:

(4)

Logical interface

Automated password categorization

Advanced mobile version

Various two-factor authentication options

Visit LastPass
Reviews

Businesses

Editor's rating:

(4)

End-to-end encryption

Secure authentication method

Data breach alarms

One-time password support

Visit 1Password
Reviews

Security features

Editor's rating:

(4.5)

Robust security

Wide range of platform support

Affordable

Great customer support

Visit Keeper
Reviews

Personal use

Editor's rating:

(4.5)

Strong security features

Effective password generator

Excellent free version

Attractive price

Visit NordPass Personal
Reviews

Password sharing

Editor's rating:

(4)

Password changer

Built-in VPN

Flawless data import

Thorough iOS/Android app

Visit Dashlane
Reviews

Local storage

Editor's rating:

(4)

Packed with features

Free for desktop users

Offline password manager

End-to-end encryption

Visit Enpass
Reviews

Can You Trust Free Password Managers?

Best Ways To Keep Passwords Safe and Organized

Best Ways to Share Passwords Securely With Your Team

Leave a reply Cancel reply

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information and allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

50% off NordPass Personal

Is Face ID More Secure?

The technology behind face ID

Why do I need to keep my eyes open for face ID to work?

Security concerns of face ID

Spoofing your biometrics

Best password managers of 2025

Related articles

User feedback

Leave a reply Cancel reply

Popular guides

Latest reviews

Best Reviews