Apple is aware of three security concerns discussed in an upcoming article. One of these concerns pertains to Face ID being fooled by twins or siblings, resulting in the unlocking of their look-alike’s iPhone or iPad. This occurrence is frequent enough that auto-reply emails from Apple’s security team include a detailed explanation of how Face ID functions and why it can be bypassed in such situations.
Apple users are assured of Face ID security upon its introduction. Financial institutions also trust this technology for authentication purposes, both with Apple Pay and various banking apps. The same holds for Touch ID. However, it raises questions about the actual security level of these technologies.
The article will examine each method of biometric authentication on an iPhone or iPad: Face ID, Touch ID. Furthermore, we will explore which method is the most secure and the reasons behind it.
Touch ID: The Fingerprint Revolution
Touch ID originated in 2013 with the release of the iPhone 5S and made its way to iPads in 2014. The technology is also available on various Mac models from 2016 to the present. Instead of simply capturing a fingerprint, Touch ID captures a detailed and precise high-resolution image of small sections of the fingerprint from the subepidermal layers of the skin.
The information is intelligently analyzed to create a mathematical representation, which is compared to enrolled fingerprint data for device unlocking. It’s important to note that neither Face ID nor Touch ID stores photos or fingerprints on iPhones and iPads.
Touch ID, along with other fingerprint authentication technologies, can be easily defeated, according to security researchers. Hackers quickly discovered ways to bypass Touch ID shortly after its launch. Moreover, researchers have identified that similar technology can be tricked using methods like 3D printing. They achieved an approximately 80 percent success rate by using fake fingerprints to bypass the sensors at least once.
To be fair, Apple is continuously enhancing Touch ID with each new technology revision. However, researchers who successfully bypassed Touch ID using 3D-printed fingerprints suggested relying more on strong passwords and token two-factor authentication, especially if the user is a potential target for well-resourced attackers or their device contains sensitive information.
Face ID: The Facial Recognition Breakthrough
Apple introduced Face ID in 2017 with the iPhone X. Currently, it is only available on iPhones and iPad Pro models, starting with the 2018 3rd generation iPad Pro. Face ID works with two elements, rather than simply taking a photo of your face.
Firstly, the TrueDepth camera projects over 30,000 invisible dots on your face to create a depth map. Secondly, it captures an infrared image of your face. The neural engine of the iPhone or iPad’s chip combines these two elements. According to Apple’s documentation, it “transforms the depth map and infrared image into a mathematical representation and compares that representation with the enrolled facial data.”
As the successor to Touch ID, Apple claims that the probability that a random person in the population could unlock your iPhone or iPad Pro using Face ID is less than 1 in 1,000,000. However, Apple acknowledges that the statistical probability is higher for twins, siblings that resemble you, and children under the age of 13 due to their distinct facial features potentially not being fully developed.
Apple “enhanced” Face ID during the COVID pandemic to work while wearing a mask. While this provides convenience, it effectively reduces the security of Face ID. There are two variations of this technology, both accessible in Settings > Face ID & Passcode.
If you have an iPhone 12 or later, you can enable the “Face ID with a Mask” setting. However, if you encounter any issues with Face ID not working, there are easy steps you can take to fix it.
According to Apple, this relies on unique facial features around the eye area to authenticate, which increases the probability of a false positive. This is especially true for close-blood relatives. The second way to unlock your phone while wearing a mask, which doesn’t require a specific iPhone model, is “Unlock with Apple Watch.”
The Battle for Biometric Supremacy
Don’t worry, although the in-display fingerprint sensor is still more reliable, Face ID meets industry standards and can satisfy the security request for 99% of users. Only 1 in 1 million people have a chance of bypassing smartphone security using a face scanner.
An even better approach is multi-factor authentication, which eliminates the risk of hacking. This is a valuable feature from privacy considerations. It is intended to provide security improvements through the use of multiple unlocking tools.
Usually, this is a password and Face ID or Touch ID. The same should be used for online activities that are not protected by biometric authentication means. It’s better to additionally set up VeePN for iPhone to eliminate the possibility of hackers wedging into your Internet channel. If you use several reliable security technologies, your security will be impeccable.
Every authentication method carries its own set of risks. Ultimately, users must decide whether to utilize Touch/Face ID or solely rely on a passcode. You alone are responsible for finding the ideal balance between security and convenience that caters to your individual needs.
Both security technologies have gone through the user adoption process, but face unlocking is faster and more convenient. Moreover, the evolution of iPhone security continues and the function gradually becomes even more accurate. This is why Apple releases ongoing security updates. Most user preferences are directed towards Face ID and there is no need to worry, it is quite secure. Even if Touch ID is somewhat inferior, Apple is unlikely to return to this technology.