Is Face ID Safe — Even to Use With Your Bank Account?
Remembering passwords can be a chore, but biometric options such as Face ID from Apple help us log into our favorite devices while keeping them secure.
Instead of typing in a password or code to unlock your device, Face ID, also known as facial recognition, allows you to merely glance at your iPhone or iPad and gain access to its contents — so convenient!
But is Face ID secure enough — even to use with your bank account? As Face ID has become more popular, the majority of banking apps now allow you to log in to your account by simply peering at your smartphone.
Let’s take a deep dive into Face ID and see if this method of unlocking your device (and your bank account) is strong enough for everyday use.
What Is Face ID?
Face ID was released in 2017 with the launch of the iPhone X; it was an upgrade to Apple’s existing biometric unlock feature, Touch ID. Rather than using your fingerprint, Face ID uses advanced hardware to create a three-dimensional facial map that can then be used to unlock your device.
Since Face ID’s launch, it is now available on all iPhone devices (except the budget-friendly iPhone SE) and iPad Pro models. The technology is smart enough to lock out unauthorized users, but it can recognize when you change your hairstyle, have applied makeup or are wearing an accessory, such as a scarf, hat, or pair of glasses.
With the release of iOS 15.4, and using an iPhone 12 or later, Face ID can recognize a user's face even with a face mask, although we’ll discuss why you might not want to enable this feature.
Is Face ID Actually Secure?
The short answer is yes, Face ID is quite secure. Here’s how Face ID works:
Creating a Facial Map
When you decide to set up Face ID on your device, your iPhone or iPad uses its built-in TrueDepth camera system with a dot projector and an infrared camera to capture a detailed map of your face. Your face is recorded by invisibly projecting thousands of invisible dots onto your skin; the device also captures a two-dimensional infrared image of your face to assist the process.
The facial data that is collected using the TrueDepth system is then converted into a mathematical model, which is used when you attempt to unlock your device. All of this sensitive data is securely encrypted and stored within the device’s neural engine and protected within what is known as a Secure Enclave.
Encrypted and Secure
At this point, only the Secure Enclave is able to access this stored model of your face, so you won’t need to worry about a random application gaining access to it. But, even though your iPhone has a mathematical image of your face, how accurate is it? Could anyone pick up your phone and accidentally gain access?
According to Apple, the odds of a random person looking at your iPhone or iPad with Face ID and unlocking it are slim: 1 in 1,000,000. Additionally, Face ID uses a three-dimensional depth map of your face, so 2D prints of photographs of your face won’t work. The Face ID system has even been designed to avoid being fooled by masks using sophisticated anti-spoofing neural networks.
In addition, you’ll still be required to set up a traditional passcode on your device. Face ID will also refuse to work in certain situations outlined by Apple, including the following:
- The device has just been turned on or restarted.
- The device hasn’t been unlocked for more than 48 hours.
- The passcode hasn’t been used to unlock the device in the last six and a half days and Face ID hasn’t unlocked the device in the last 4 hours.
- The device has received a remote lock command.
- After five unsuccessful attempts to match a face.
- After initiating power off / Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds.
Why Should You Not Use Face ID?
There are a few situations that can make facial recognition systems, such as Face ID, less secure, so it’s important to know what they are. After all, if you are using Face ID to keep your bank app secure, you don’t want to do anything that could jeopardize your device’s security.
Face ID Weaknesses
For starters, Face ID may be fooled into unlocking if you have an identical twin or sibling who looks very similar to you. While Face ID is designed to avoid these mishaps, if you have an evil identical twin, you may want to consider sticking to a good old-fashioned passcode.
Children under age 13 may also have issues with Face ID. Without certain distinct facial features, Face ID may be more likely to be unlocked for children, but as long as you don’t add your children to your iPhone or iPad’s Face ID, this shouldn’t be something you need to worry about.
Face Mask and Face ID
With the release of iOS 15.4, Apple has made it possible for iPhone 12 or later devices to unlock even if an individual is wearing a face mask. While this feature may appear tempting, it does reduce the security level of Face ID. Rather than relying on a full facial map of your face, this feature focuses on the distinctive features around your eyes.
If you frequently wear a face mask and own an Apple Watch, you can instead enable a feature that allows you to unlock your iPhone whenever you are wearing your Watch and your iPhone is nearby. If your iPhone is unlocked this way, a notification is immediately sent to your Apple Watch, keeping you alerted at all times.
What About Touch ID?
Touch ID is another Apple biometric security feature that allows you to unlock your device using just your fingerprint. Touch ID is currently sold on the iPhone SE, along with select iPad models and select Macs. While not as secure as Face ID, the probability of a random fingerprint unlocking your device is 1 in 50,000.
If your device only supports Touch ID and you are wondering whether you should use it, the answer is still likely yes. For most people, Touch ID is a great solution and is still much more secure than a 4-digit passcode. Additionally, like Face ID, your Touch ID data is encrypted and stored within your device’s Secure Enclave for controlled access.
How Do I Use Face ID With My Bank?
If your bank’s mobile app for iOS supports Face ID (or Touch ID), it will likely ask if you wish to use it for logging into your account after your first initial log-in with your typical credentials. On your first login, there may also be a check box before you log in where you can select to use Face ID in the future for security and convenience.
If you have already logged into your banking app and have not chosen to enable Face ID, or you were never prompted, we would recommend checking the Settings menu within your banking app and looking under the Security heading. Otherwise, you can always call your bank for additional assistance with its application.
Frequently Asked Questions (FAQs)
Face ID may not work optimally if you have an identical sibling with similar facial features or if a child under 13 years of age is utilizing the system. Additionally, it may be easier for someone to coerce you into looking at your device to unlock it in comparison to having you give up or provide a passcode.
Yes, Apple’s Face ID platform is very secure with the odds of a random individual unlocking your device being 1 in 1,000,000. Additionally, Apple does not have direct access to a user's face data as it is encrypted on your device within a secure enclave and is not uploaded to the cloud or anywhere off of your device for storage.
According to Apple, the chance of someone randomly unlocking a device with Touch ID is 1 in 50,000. In comparison, the chance of someone randomly unlocking a device with Face ID is 1 in 1,000,000; this makes Face ID and facial recognition approximately 20x safer than Touch ID and a fingerprint scan.
Michael Archambault is a senior writer with The Penny Hoarder specializing in technology.