We’re entering a new age of digital security: Either you use a password, or you are the password.
Apple has killed its TouchID fingerprint scanner in favor of a 3D facial scanning technology called FaceID, which the company says can unlock your phone by scanning your face and provides better security than a fingerprint. Apple claims that 1 in 50,000 people are able to unlock an iPhone by having a similar fingerprint, but only 1 in 1,000,000 would have a face similar enough to trick the new system.
Otherwise, FaceID will work similarly to TouchID in enabling ApplePay payments and unlocking apps.
FaceID differs from other smartphone technology in that it takes three-dimensional measurements of a person’s face. Facial recognition in phones like the Galaxy S8 and Note8 relies on two-dimensional images, meaning those devices can be unlocked using just an image of the person’s face. (Apple first filed a a patent for 3D-scanning technology in 2015, but it wasn’t granted until earlier this year.)
“You would be able to increase the levels of accuracy—just by having a stereo view of the face—by several orders of magnitude from where we are today with 2D facial recognition,” says Brett Beranek, director of strategy and go-to market for Nuance, a software company that works on speech transcription and biometric authentication. Beranek says that since these 3D systems take in so much data, facial scanning could be more secure than a fingerprint scan, which can be spoofed by using a piece of tape to grab someone’s fingerprint.
Obtaining 3D facial measurements has involved a number of different approaches: Some systems use multiple cameras, while others use one camera and two LED lights. Apple’s uses infrared lights and what they call a “dot projector,” but all of these methods work toward the same end. The goal is to create a kind of three-dimensional map—not just what your face looks like, but also the dimensions of your facial features. That’s why setting up FaceID will require moving the iPhone in a circle around your face, to get different perspectives for an accurate measurement of the nose, eyes, chin, and more.
Apple even says that FaceID will learn how your facial hair grows—if you grow facial hair—and adapt accordingly. It will also work if you’re wearing a hat or other headgear.
Lyndon Smith, a computer vision professor at the University of the West of England Bristol, says the higher-accuracy 3D systems that he’s developed can even tell the different between twins.
“With 3D, if you get very high resolution, which is what we’re trying to do, it’s almost like a 3D fingerprint,” he says. “Even identical twins have the same genetics but their faces will be slightly different due to experiences in their lives. Maybe they got little scars, or maybe they got moles, or whatever it is on their face. Every face is unique.”
While Apple’s FaceID isn’t twin-sensitive, Smith’s system shows that the technology is capable of increasingly high accuracy in the future.
Apple’s new facial recognition technology also brings a slew of new privacy and security concerns. It’s still unknown whether a person could be made to use their face to unlock a phone by an assailant, police, or at an airport. Biometric data is also way more important to keep secure than a passcode, because while you can change a passcode, you can’t change your face—hackers have it for life. In the past, Apple has kept TouchID fingerprints on an encrypted chip called the Secure Enclave (pdf).