Authenticating with your face seems like a natural choice when it comes to smartphones. Talk about convenient \u2014 you were going to look at the phone anyway, right?<\/p>\n
The smartphone industry as a whole seems to agree. Apple wasn\u2019t the first company to come up with the idea of unlocking a smartphone with a face, but after Apple introduced it, in the iPhone X, the whole smartphone industry followed \u2014 as it always does. Almost every phone showcased at Mobile World Congress 2018<\/a> had this function. It\u2019s a really bad trend, and here\u2019s why.<\/p>\n Actually, I don\u2019t think that face recognition is bad per se. Quite the opposite \u2014 done right, it\u2019s probably better then authentication based on fingerprints or PIN codes. But the devil is in details.<\/p>\n Describing how Face ID works<\/a>, we mentioned the complexity of the recognition system: It involves a regular camera, an infrared camera, and a dot projector, as well as some machine learning, secure storage, and processing. Apple has put a lot of effort and money into making the system fast, secure, and reliable \u2014 and it\u2019s charging a nice premium for that, selling the iPhone X for $999.<\/p>\n That price point causes a dilemma for other smartphone makers: Their devices typically sell for quite a bit less, but they also have to keep up on features and specs. They start by trimming things that won\u2019t be missed right away: a cheaper speaker here, slower storage there. Maybe leave out the infrared camera and the dot projector from the face-unlock module \u2014 but keep the function; it\u2019s a selling point, after all.<\/p>\n The ability to use your face to unlock your phone is a feature highlighted in marketing materials, but ad copy doesn\u2019t tend to delve too deep into how it works. Perhaps those companies don\u2019t want to explain too clearly how they made their facial authentication significantly less advanced, less reliable, \u2014 and less secure.<\/p>\n In most cases, an inexpensive phone\u2019s facial recognition relies on just the front-facing camera and some not-so-advanced algorithms, maybe using a flash to take better photos. But a regular 2-D camera without an IR sensor or dot projector can be easily fooled by photos<\/a> (for example, snagged from a social media profile) printed on paper or shown on a screen. Even some of the better ones are likely still susceptible to fakery using 3-D printed masks. Even Apple\u2019s Face ID was fooled by an \u201cevil twin\u201d mask attack<\/a>, but phones relying on simple photos are simple gatekeepers.<\/p>\n <\/strong><\/p>\n <\/p>\n The widespread use of face unlocking without adequate hardware will result in lower security overall for modern phones. Fortunately, for now it isn\u2019t usually the default authentication method \u2014 codes or fingerprints are more common. And some manufacturers use more secure systems, such as iris recognition, that are harder to fool.<\/p>\n However, face authentication is trendy, so I expect more and more users of cheap Android phones to switch to it (Anything your iPhone can do, my phone can do, too \u2014 and at a tenth of the price!<\/em>).<\/p>\n We highly recommend carefully checking the details of your phone\u2019s face recognition method before enabling it. It must be really secure and not fall for photos or masks, or leak your data, or process data insecurely. Fingerprint authentication isn\u2019t magically infallible, but at this point, it\u2019s more secure \u2014 and a six-digit PIN is probably your best bet for now.<\/p>\n","protected":false},"excerpt":{"rendered":" Almost every new smartphone now lets you unlock it with your face \u2014 and that\u2019s really bad for security.<\/p>\n","protected":false},"author":675,"featured_media":19853,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1789],"tags":[2799,2800,1232,2627,2830,315,320,45,321],"class_list":{"0":"post-19852","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-klmwc18","9":"tag-mwc18","10":"tag-biometrics","11":"tag-face-id","12":"tag-face-unlock","13":"tag-identity-theft","14":"tag-mobile-world-congress","15":"tag-smartphones","16":"tag-technology"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/face-unlock-insecurity\/19852\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/face-unlock-insecurity\/12811\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/face-unlock-insecurity\/10621\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/face-unlock-insecurity\/14936\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/face-unlock-insecurity\/13250\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/face-unlock-insecurity\/12675\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/face-unlock-insecurity\/15572\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/face-unlock-insecurity\/15203\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/face-unlock-insecurity\/19998\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/face-unlock-insecurity\/4810\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/face-unlock-insecurity\/21618\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/face-unlock-insecurity\/10129\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/face-unlock-insecurity\/10209\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/face-unlock-insecurity\/9105\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/face-unlock-insecurity\/16145\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/face-unlock-insecurity\/9449\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/face-unlock-insecurity\/19904\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/face-unlock-insecurity\/19873\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/biometrics\/","name":"biometrics"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/19852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=19852"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/19852\/revisions"}],"predecessor-version":[{"id":24110,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/19852\/revisions\/24110"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/19853"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=19852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=19852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=19852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Not that bad, but also really bad<\/h3>\n