S2M Explains : How Do Face ID & Fingerprint Scan Work? Are They Secure?.
Passwords suck. They take a long time to type, are easy to forget, and most people probably choose something really easy to guess that compromises their safety. This is why biometric unlock methods are so popular.
All but the cheapest smartphones now have built-in fingerprint scanners. One touch – and the phone will be unlocked, which is quite convenient. But now more and more devices are using facial recognition as screens are getting so big. Apple is no exception and offers devices that use both of these technologies to protect them. Technologies officially known as Face ID and Touch ID.
But how does Face ID and fingerprint scanning work?
What are Face ID and Touch ID?
The obvious answer to this question is that Face ID is the face unlock system and Touch ID is the fingerprint unlock system. Work is done. End of the article. Right? Well, it’s a little tricky, because while many companies use faces and fingerprints to unlock their devices, they don’t all work the same.
These two biometric systems are Apple’s own proprietary solutions for solving the biometric problem. This is important because companies like Apple believe their approach and technology are safer than their competitors. This is really important because hackers and other security professionals have been able to trick such systems in the past.
As you would expect, there is a race between the creators of biometric security sensors and those who want to beat them. It’s important to know how sensors work on your Apple device and what their limitations are.
How do Face ID and Touch ID work?
Touch ID is Apple’s most advanced biometric system, and you’ll find it on select iPhone, iPad, and MacBook Pro models. Its sensors use sapphire crystal as the button material. It’s very hard and incredibly scratch-resistant, which is why high-end smartphone cameras also use sapphire lens covers.
When you place your finger on the button, a very high resolution image of your fingertip is created. A patented software algorithm then examines the image, converting your fingerprint into pure math. This is then compared to the stored mathematical transformation of the fingerprint that was registered when Touch ID was set up. If they match, the device will be unlocked.
Face ID also works pretty smartly. Many devices use a regular camera for face recognition. It compares the recorded photo with the one you present to unlock the device. The face matching software is quite sophisticated, but many of these cameras cannot tell the difference between a photo and a mask, so they can be tricked into unlocking.
Face ID, on the other hand, uses a dedicated TrueDepth camera to create a very detailed depth map of your face. One with over 30,000 points. It combines this with an infrared image of your face to create a face profile. The neural network hardware components for machine learning of modern Apple mobile processors make this level of complexity possible.
How secure are these technologies and are they good enough for you to trust them?
General biometric security flaws
First of all, there are some security vulnerabilities that affect biometric systems in general. The biggest problem with using an aspect of your biology to discover something is that you cannot change it. If someone manages to make an exact copy of your fingerprint or face, they can unlock anything. If someone finds out the password or passcode, just change it.
Things like this have actually happened in the past, and biometric sensors have been able to get around this by becoming more detailed and looking at many aspects of your biology. For example, the finer details of your fingerprints or the presence of body heat. Those who want to defeat these systems must learn to better reproduce your biology, which at some point is impractical for the average hacker.
The biggest weakness of biometric systems is actually pretty simple. Someone might just take your finger or face and force you to unlock the device. This is different from a password or code, which you can “forget” or otherwise hide. We’ll cover this scenario at the end of the article.
How secure are Face ID and Touch ID?
This is a bit of a busy question, as it depends on your definition of the word “secure”. Usually, the safety of such systems is expressed in the likelihood that someone will accidentally defeat them. This is a brute force method of breaking a digital lock. For Touch ID, the chance that someone’s fingerprint is that similar to yours is only 1 in 500,000 and Touch ID will be tricked.
Of course, this is very different from how someone takes an impression of your fingerprint or creates a fake fingerprint based on a scan. Again, how likely this is to happen depends on who you are and whether or not anyone is motivated to take this extreme path. If you are the VIP who is attracting such attention, you should not use biometrics, as in our opinion they are not secure enough at this level of risk.
According to Apple, Face ID is more secure in terms of brute force. With a one in a million chance that a random person will be quite like you. Identical twins are perhaps the exception here. What about photos or masks that mirror your face? Face ID has a counter to this. As mentioned above, photos will not work as the camera can detect depth. It uses neural network technology to prevent the use of masks as well.
There are no numbers to tell us how effective it is, but again, for the average user, no one is going to spend thousands or even millions of dollars building technology to defeat Face ID. If you are the president of a country, do not use biometric locks.
Activate Killswitch iOS Biometrics
There is only one question left. What if someone can force you to unlock your phone? At the end of the day, they just have to point to your face or touch them with a finger. If you think you might get into this situation, you can simply press the on / off button five times and biometrics will be disabled in favor of a password.
On iPhone 8 and later, you need to press the side button and any of the volume buttons. These methods may differ as you read this, so be sure to find a biometric switch method for your specific iOS device.
In short: Face ID and Touch ID are secure enough for most people, but not for people looking for military-grade security. However, if you are very paranoid, use the six-digit passcode instead.