Is Face ID Safe? A Quick Guide to Apple’s Facial Recognition

You may be relieved to know that more and more companies are offering ways to log in to our accounts or save our credentials without having to remember hundreds of passwords. The benefit for us is that we can easily log in to our accounts without resetting forgotten passwords, and our accounts are more secure than ever with more advanced ways to access them.

One way we can access our accounts securely is face ID, but many people are concerned about this new technology. Is face ID safe? Is it secure? And what happens to the data you send when this technology scans your face?

This article will answer all these questions so you can fully understand how Face ID works, whether it’s safe when to use it, and what other options are available to log in to your accounts, such as magic links, biometrics, or passcodes.

Table of contents

• What is face ID?
• Is face ID safe?
• Is Face ID safe enough to protect your account?

What is face ID?

Face ID is a biometric facial recognition system that allows users to unlock their devices, make purchases, or access secure apps using their faces. It projects harmless infrared dots onto your face, creating a 3D map that uses secure authentication to match your details against a database to determine whether you’re authorized to unlock the device.

Apple’s patented Face ID replaced touch ID for iPhones and iPads when it was introduced to the iPhone X in 2017. Since then, other companies, such as Google and Android, have used facial recognition technology for their devices.

How does face ID work?

Face ID uses Apple’s TrueDepth camera system. When you set up face ID from your mobile device, the camera projects and analyzes thousands of invisible dots on the face, creating a detailed depth map and infrared image.

Face ID works by mapping interest points from your face, including features like your eye corners, nose tip, and mouth edges across your face, as seen in the example below.

From these points, a unique code called a feature vector, your unique mathematical representation assigned to your face, is generated like this image.

When you request to unlock your device, log in, or make a purchase, the Face ID database compares the live facial data to the stored model to verify your identity. If, after some unsuccessful attempts are made, you are prompted to enter your passcode for additional security and to prevent unauthorized access.

Is face ID safe?

Face ID is safe. Apple has taken strong measures to protect your face's privacy and data security by using advanced encryption and secure hardware to protect your data. When Face ID captures your features, it creates a map and infrared image that converts this data into a mathematical model of your face.

This data is then encrypted and stored using Secure Enclave, a separate and secure chip built into Apple devices that is separate from the device's main processor.

The technology uses Secure Enclave, a special subsystem built into Apple’s systems on chips (SoC) that is separate from the main processor and designed to protect sensitive information.

Furthermore, all of this information is kept locally on your device and never leaves it, meaning it's not sent to iCloud nor backed up anywhere online, giving you complete control to maintain your privacy.

You can update your Face ID anytime from settings, and you will be prompted to enter your passcode to update your information.

Is Face ID safe for your health?

Yes, Face ID is safe to use and set up. Apple’s technology has been tested rigorously to meet global safety standards and is considered safe under normal conditions. Apple states on its website that the system won't harm your eyes or skin due to the low intensity, even after heavy use.

If your iPhone malfunctions, the laser system may be disabled for safety reasons to prevent harm. It’s important to have your device repaired by qualified and certified technicians, as improper repairs or parts may cause safety issues.

Is Face ID safe enough to protect your account?

Face ID is considered a highly secure method of protecting your account, but it’s also important to note that no authentication is entirely foolproof. As hackers and scammers are always trying to find ways to break these technologies, you should be aware of the following risks when considering whether Face ID is a safe option for you.

1. Scammers: Many scammers will target bars and look for people under the influence who have their guard down. There will usually be a story where they have lost their phone and need to make an emergency call, asking you to unlock the phone with your Face ID.
2. Attention Aware: Other times, your phone may be unlocked without you noticing if the Attention Aware feature is not enabled. In these cases, scammers can access emails, numbers, passwords, or other sensitive data.
3. Criminals: Another risk is criminals—not the ones hiding behind a computer, but people who use threats of violence to get you to use Face ID so they can change it to their own face, giving them access to everything on your device.
4. 3D models, deepfakes, or family members: In some cases, your identical twin could access your device, as your faces will have been mapped similarly. There are other cases of cybercriminals using models or deepfakes to trick Face ID into getting access to accounts.

To mitigate these risks, always use a unique passcode to prevent others from accessing your phone, and turn on Attention Aware to avoid your phone unlocking without your knowledge. To do so, follow these steps:

1. Go to Settings on your iPhone.
2. Tap Face ID & Passcode.
3. Enter your passcode.
4. Toggle on Attention Aware Features.

Alternatives to Face ID

Face ID is a great method for protecting your accounts, but you can still decide on other alternatives or extra measures to protect your devices. Here are some popular alternatives to Face ID, which range from older to developing and future security measures.

1. Touch ID: Although not available on newer iPhones, iPads and Macbooks come with Touch ID. It is arguably more secure than Face ID because everybody has unique fingerprints. You can also use a passcode to provide additional security for these devices.
2. Passcode: A traditional passcode will secure your device, and although it doesn't offer the convenience of biometrics, it's still one of the most secure options. Passcodes require more work to keep updated and safe, and you must remember to change it regularly, create long, unique passwords, and never share them with anyone.
3. Two-Factor Authentication (2FA): The most recommended feature for more security, 2FA will protect your accounts even if someone has access to your device of Face ID.
4. Security keys: Security keys are physical devices used to authenticate logins and protect accounts that you hold on to. You register the key with a service, which generates a unique public and private cryptographic pair. The public key is shared and stored with the service, while the private key is secured on your device.
5. Behavioral Biometrics: Some devices and apps use behavioral patterns to analyze how you type, swipe, or hold the phone to provide an additional layer of security. While still in its infancy, this could be an alternative to Face ID to watch out for in the future.
6. Pattern-based authentication: Android devices can set up pattern locks to unlock a phone. This requires the user to connect a series of dots on a grid in a specific pattern to unlock the device. However, this method is considered less safe due to common patterns people use, and smudge marks developing over time, which others may be able to see and guess.
7. Smudge Marks: Over time, repeated use of certain patterns can leave visible smudge marks on the screen, which others may be able to observe and use to guess the pattern.
8. Magic links: Magic links are a passwordless method to access a service or app that is sent to your email or phone. This one-time link allows you access to a service without needing a password.

Choosing which one is right for you will depend on the sensitivity of your data and other factors, such as where you want to access your app. People in packed public transport, for example, may be watching over your shoulder and remembering your password.

Conclusion

So, if you’re concerned and are still wondering how safe is face id and whether its enough to use on your devices, then yes, it is. As we mentioned, none of your facial data gets sent to Apple. Instead, it is stored locally with Secure Enclave on a separate chip.

Still, as not every device has Face ID or facial recognition technology, it is still necessary to consider and use alternatives to Face ID, such as passcodes or magic links, so you have various security tools to protect you online.