By now, if you’re interested in tech, you’ve probably seen a video or two of the iPhone X being unlocked by someone’s face that isn’t the owner. Apple said it was more secure than Touch ID, at least twice as secure, so what gives? There are a few factors at play here. It involves the machine learning Apple uses to make Face ID work, Face ID’s limitations on children, and, unfortunately, some really bad news for anyone with an identical twin (especially if they’re an evil twin). To answer your biggest question, no, Face ID isn’t easily compromised, but there are steps you may be unintentionally doing that are making you more vulnerable. Here’s an explanation of what’s happening, and how you can ensure your phone is secure.
False Matches and How to Prevent Them
Let’s consider the case in the video above. I’ve seen a few people debunk it, saying that it may be a video of the phone being unlocked on the screen, but let’s say it’s not. Let’s say it wasn’t scripted at all, that they’re not making money off the video, and it wasn’t a way to make a quick buck. For now, let’s just consider it 100% valid, for the sake of argument. How could it have happened? The answer lies in how Face ID works, and how it trains itself to recognize you, even as you change your face, wear glasses, grow a beard, put on makeup, etc.
How Face ID Adapts
Face ID it trained first by scanning your face two times. This is because one scan doesn’t give it enough data to be sure of what you look like. Hair can change, lighting could have changed something, or perhaps you wanted to do one of the scans with your glasses on. The point is, one scan alone isn’t enough, but two is considerably better. After that, you can use your face to unlock your iPhone X. If it doesn’t recognize you, it’ll prompt you for your password. This is where it gets tricky. If you enter your password, it knows to retrain Face ID to understand that the person looking at it is a potential match. This is great for you if it was just a matter of beard growth, makeup, hair in your face, aging, puffy morning face, or something else, but if it was a friend or family member, especially one who already looks a little like you, then there could be a problem. If this happened even once, your iPhone could have started the process of training it to recognize their face as the owner’s face.
How to Prevent Accidental Unlocks
The best way to prevent unintentional unlocks of your device is to just not let other people use it. However, this may come off as rude, or untrusting. If you have a significant other, they may be exceptionally suspicious of you. As long as you’re not cheating on anyone, you may want to let them use your phone from time to time. The best way to do this is to unlock it first yourself, then hand it to them. If, however, they hand you the phone after they tried to unlock it with their own face, it’s probably prompting you to type in your passcode. Don’t. Instead, lock the screen, then turn it on again. This will tell Face ID to try again, and it should identify you by your face this time. If not, you can put in your passcode, to better train your phone for your own face.
So What About the Kid Unlocking Mom’s iPhone?
They likely broke the rules here. The son likely put in the mother’s passcode after a few attempts, and Face ID learned to unlock for both the mother and her son. The familial resemblance, along with issues regarding Face ID and children, are to blame. This isn’t a widespread issue, it’s a problem of making the phone susceptible to other people getting in it.
Children, Twins, and Family
I won’t lie, if you have a twin, you’re out of luck. If you don’t want your twin in your phone, you’ll need a passcode. It’s a shame, because twins have different fingerprints, and could therefore lock their devices with Touch ID. Now they have to go back to passcodes because Apple didn’t think they were important enough for biometrics. Family members who aren’t identical shouldn’t be able to unlock your device, but they may be more likely to unlock it if you break the rules and re-train Face ID for their faces. The same can be said of children. I don’t know about you, but I think most kids look pretty similar (especially babies). Face ID thinks so too. That’s why children under 13 are more likely to have problems with Face ID, because it could unlock for other children. On top of that, they may be more likely to be able to retrain their parents’ phones, especially if there’s a strong resemblance.
Basically put, Face ID isn’t perfect, but it’s evolving. Apple will make updates that improve it, make it faster and more secure, but it’s up to you to ensure it’s properly trained on your face and your face alone. Don’t let others unlock your phones, and don’t give out your passcode, and you’ll find Face ID is accurate and secure. So far, no one’s been able to get into my iPhone X (review pending!) and I’ve had absolutely no difficulty unlocking my own phone either.