The Untold Story of Facial Recognition Authentication

Facial recognition has been used for many years as an authentication method in specific niche environments. However, it wasn’t until the release of the iPhone X in November 2017 that this form of login authentication began taking off into the mainstream, with commercials by Apple dedicated to showcasing this technology as one of the perks of owning its new phone.

The technology, naturally, has already existed in several platforms (OnePlus 5T, Windows 10, etc.), but they didn’t use it as a central selling point. Its proliferation, however, might have some downsides that people don’t generally think about but certainly should know.

It Never Works as Well as Advertised


If you want to unlock your iPhone X, you’d expect that all you have to do is look at your phone. This is basically the language that their Face ID trailer uses. Unfortunately, that’s not how the technology works (at least not yet).

After receiving a barrage of complaints from users who couldn’t unlock their phones with their faces, Apple’s support page included a statement that says:

Face ID requires that the TrueDepth camera sees your face, whether your iPhone X is lying on a surface or you’re holding it in a natural position… Face ID works best when the device is arm’s length or less from your face (25-50 cm away from your face).

The other issue not mentioned here might be lighting. A camera’s CMOS has a lot more trouble trying to make faces appear in darker places than our own eyes do. You cannot, for example, unlock your phone in an underlit club or even in a train that doesn’t have reliable lamps. There are more limitations to this technology than there are in the fingerprint sensor.

The iPhone’s fingerprint sensor requires only that you have fingers with fingerprints. Its camera, on the other hand, requires not only that your face be present at a particular angle but also that the environment be perfect for recognizing your face.

Security Is Lacking (A Lot!)


Less specific to Face ID itself is the issue of security in facial recognition authentication as a whole. There’s a reason why restricted areas usually use either card keys or retinal scans. Facial recognition is a very low-tier technology that could be tricked quite easily.

We’ve also addressed some concerns about the government subpoenaing this data in an opinion piece we released on October 19, 2017, about a month after the iPhone X was announced.

But aside from that point, there are also concerns related to the mechanism’s own ability to prevent others from gaining access to your device without your knowledge. A video by SySS GmbH (a German cybersecurity company) shows how easy it is to trick the facial recognition mechanism in Windows 10 using only an infrared rendition of a person’s face printed on a sheet of paper.

You can see them doing this again here, and once again here. The whole marvelous part of this is that each of these demonstrations was done with enhancements that were made to prevent this exact type of hacking.

Facial recognition by its own nature can be fooled if you manage to imitate someone else’s face. Given the state of current technology, this is actually easier than imitating a fingerprint.

It is easier (and more secure) to avoid using facial recognition technology altogether and just use a PIN number or pattern to unlock your phone.

What do you think would help facial recognition systems become more secure? Tell us what you think in a comment!

Miguel Leiva-Gomez
Miguel Leiva-Gomez

Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox