a hand holding a smart phone that is using facial recognition technology

When it comes to building anything that contains sensitive data, whether it’s an app or a website or a smartphone, there’s always a tradeoff between convenience and security. Apple has long been known for its obsessive focus on designing frictionless user experiences but also its concern for user security.

Every iPhone since the 3GS has its own built-in cryptographic engine which uses the AES encryption standard, widely considered to be unbreakable by even the most powerful computers in the world. At the same time, Apple’s also been a pioneer at using biometric data to speed up the process of locking and unlocking your device. The first major step was introducing TouchID with the iPhone 5S. With the new iPhone X, Apple has completely removed the home button that also housed the TouchID scanner. In its place, Apple has introduced the FaceID system, turning your face into your password.

Why Use Your Face as a Password?

In short, convenience. The simplicity of holding your thumb against your iPhone replaced the already simple swipe-and-tap gesture of entering your passcode. With FaceID, all you need to do is look at your phone to unlock it. The same process can also be used to validate app downloads or Apple Pay purchases. For a company obsessed with ease and convenience, the appeal is obvious. “Nothing has ever been more simple, natural, and effortless,” Apple’s SVP of Worldwide Marketing Phil Schiller announced at the iPhone X’s reveal.

But is FaceID really as simple, natural, and effortless as Apple claims? And what about security?

How FaceID Works: Dots and Pixels

Facial recognition is a subfield of computer vision. We’ve looked before at how convolutional neural networks (CNNs) can be used to train algorithms that can recognize and categorize different objects according to how similar they appear to other objects.

The key to image recognition algorithms is their generalizability. The same principles that allow an algorithm to distinguish a sports car from, say, an apple, can also be applied to human faces. The main difference is that human faces tend to look very similar to one another, so the algorithm needs to be much more finely tuned. Being able to recognize that something is a face is very different from being able to recognize whose face it is, especially if one has to distinguish between similar-looking people, as anyone who’s ever struggled to keep their Baldwin brothers separate can attest. This is, at a very basic level, what Facebook’s facial recognition features are designed to do. If you’ve ever uploaded a photo to Facebook and seen it automatically tag everyone in it, you’ve seen the power of its facial recognition algorithm in action.

FaceID works a bit differently, however. In fact, it may have less in common with Facebook’s facial recognition algorithm than with the 3D imaging techniques used by Hollywood special effects artists to create convincing computer-animated faces, as when Industrial Light and Magic digitally resurrected the long-deceased actor Peter Cushing for Rogue One: A Star Wars Story. FaceID still relies on neural networks, but fed into those networks are a much more diverse set of inputs, including not just 2D camera pixels, but data from a proximity sensor and even a Minority Report-esque dot projector that, well, projects tens of thousands of dots onto your face in order to create a multi-dimensional model of your facial features. So when FaceID scans your face, it won’t just be looking for masses of pixels and comparing them against other masses of similar-looking pixels, it will be comparing the shape of your nose, the position of your eyes, and more. Your phone’s FaceID will improve its model of your face every time you look at your phone, so in theory it should get better and better the more you use it. Apple claims FaceID should recognize you even if you change your hairstyle or change glasses.

Is It Actually Secure?

In short: Maybe! According to Wired, previous facial scan systems were notoriously easy to bypass. Researchers found that simply holding up a print out of the owner’s face was enough to defeat one system. These sorts of tricks aren’t likely to work against FaceID’s 3D face maps, however. It also seems to be an improvement over TouchID. Where TouchID was found to have a 1-in-50,000 chance of unlocking for the wrong fingerprint, with FaceID it’s closer to 1-in-1,000,000.

That said, it’s not impossible to imagine that a dedicated spoofer could produce a 3D mockup of an owner’s face that’s convincing enough to beat FaceID. (In fact, researchers are already experimenting with 3D-printed heads.) Of course, most people won’t have to worry about someone producing a 3D-printed mockup of their face to break into their phone, but for people carrying around extremely sensitive or valuable information, such a scenario might give them pause.

OK, but what about your sensitive facial data? Is it possible for someone to steal that data and use it to unlock a device? On this point, there’s probably nothing to worry about. As with your passcode, Apple won’t store your facial data on any servers–they won’t even have access to it. All that data, like your passcode, is stored on an inaccessible piece of the iPhone’s hardware.

More to the point: Is FaceID more secure than a regular old passcode? Probably not.

The main advantage to using biometric data is its convenience: The user never has to remember or change a passcode because the user’s own body contains the passcode. The problem is that it’s hard to perfectly measure that biometric data: a slightly moist thumb creates a different thumbprint than a dry one, a face in shadow or at a slight angle looks different from a well-lit face shot from straight on. So any biometric system has to allow for some variation, which also creates room for false-positives. (By contrast, no smartphone would accept 12346 for a passcode that’s supposed to be 12345, even though 5 and 6 are “close.”)

What’s more, while the odds of FaceID unlocking for the wrong face are about 1-in-1,000,000, that’s still much worse than the odds of guessing a good six-digit passcode. For one, it would take years for even the fastest computers to try every possible six-digit combination, and they’d be locked out of the phone after just a few failed attempts.

Interested in Security or Computer Vision?

Given that FaceID isn’t even on the market yet, it’s much too early to say whether or not it’s going to be a success from either a convenience or a security standpoint. It’s possible that some kind of facial recognition system will be become the de facto standard for unlocking personal devices going forward, unless someone devises an even more effortless way for your phone to recognize you.

Until then, if you want to learn more about computer vision and convolutional neural networks, check out our series of articles on these important topics. Interested in learning more about mobile security? We’ve put together a high-level comparison of common smartphone encryption techniques. You can also hire a freelance security or machine learning expert.