The idea of locking the phone using such sensitive information as facial features might seem a little insecure. Where is the data stored on your Face ID? Does it really help you protect your iPhone? Does using Face ID mean you are now part of a facial recognition database? Is Face ID safe to use?
Face ID was touted by Apple as the best biometric security measure you can use. It’s easy too, as you don’t need to remember anything to just look into a camera.
There is, of course, the option to add a passcode to your phone (and you need to use one even if you enable Face ID, in case it doesn’t work), so how much more secure is Face ID than that?
The truth is, you don’t have to worry too much about using the feature, and here’s why.
How Apple stores your Face ID
The data created on your face when you first create your Face ID never actually leaves your iPhone. It is definitely not added to any database, stored on a server or sent elsewhere. Instead, it’s stored in a processor on your iPhone, separate from the main processor, called the SEP, or secure enclave processor.
Also, a real representation of your face isn’t actually saved (like a 3D image or model), but your Face ID’s math data is stored in memory instead. So if someone were somehow able to get into this SEP, they wouldn’t see your real face, only the numbers that represent it.
The main processor of the iPhone never gets this data, it only recognizes if the SEP says that your face matches the data stored there or not. So, now that you know your face is safe, you may be wondering how safe it actually is to use the feature.
How secure is Face ID?
As for actually locking your phone, is Face ID a better option than a simple passcode? Face ID, as well as Touch ID, the other biometric security method Apple used for older devices, proved to be quite difficult to crack.
The problem arises if someone undertakes to create fake versions of your face in a 3D model to get into your phone. And once your identity has been compromised in this way, you won’t be able to go back to using your face as a security measure again.
However, situations like these don’t really need to worry you unless you are a high profile person or have extremely sensitive data on your phone that someone might want. And if some thief tries to steal your phone, most of the time he won’t care much if he sees that he’s already protected by other measures. Most thieves don’t want to go through the hassle of trying to unlock their phone.
Even if they were determined, it’s possible they might force you to look at your phone to open it. In this case, Face ID is essentially useless because it is easy for an attacker to bring their face close to the phone. So is there a better option to protect your phone?
Try using a long passcode instead
While using Face ID is better than using nothing, you will always have greater security if you choose to use a passcode instead. The length of the passcode is also important. A 4-digit one is extremely easy for a computer to guess, but the more numbers you add the harder it becomes to unlock.
To get an idea of how secure a longer passcode is, while a 4-digit code might take 7 minutes to crack, a 10-digit one might take 12 years. You also have the option to set an alphanumeric code on your iPhone, which also adds extreme security.
If you’re not too worried about someone getting into your iPhone and you don’t really store any sensitive information on it, Face ID should be enough for you. And if you ever feel like you want more security, you always have the option to change your Face ID and passcode settings within your iPhone’s settings.
No method is completely safe
Of course, no matter what method you use to protect your phone, nothing is completely impenetrable. There will always be ways to compromise a security measure. It is simply a matter of finding out which ones are least likely to happen.
In the case of iPhone authentication, it’s pretty clear that using a long and complicated passcode is your best bet for security. But if you’re not very serious and need something easy, Face ID is perfectly suited to use.
It is highly advisable to use a method that is as safe as possible, because, as they say, it is better to be safe than sorry. Almost everyone uses their phone for important tasks with sensitive data, such as banking apps, saved passwords, or other personal information. Even if you don’t think it can happen to you, phones are being stolen all the time. Whichever method you choose, be sure to choose at least one.