FaceID and the Future of Frictionless Multi-Factor Authentication
Last week Apple announced that the iPhone X has a face recognition capability called Face ID, a method of unlocking the phone instead of a passcode. This new feature has everyone talking about the security and privacy of Face ID. Let’s start with the most talked-about security and privacy concerns of Face ID:
For typical individual users, the main security problem of Face ID arises when their phone gets stolen. All of us have sensitive personal information such as pictures, messages, and emails on our phones, and we care that this information remains private. We want to make sure that our data remains safe even if our phone is stolen. Also, if a thief can’t break into the stolen phone, they will have less incentive to steal it. Therefore, when it comes to Face ID, the question is: how likely is it for a thief to unlock your phone? According to Apple, there is a one in a million chance that a random person looks enough like you to unlock the phone by looking at it.
Let’s be honest: it is very unlikely for the thief to come back and force a person to scan their face to open their phone. And in that case, it really doesn’t matter which method a user is using to lock their phone; the thief is just as likely to force them to scan their fingerprint or enter their passcode.
Most of the privacy and security concerns about face recognition are based on previously discovered problems. People are reluctant to trust Face ID because of their perception that it is difficult to hide their face. There are pictures of them all over social media and the internet, and a hacker might be able to break into their phone using a photo or a 3D model of their face. The fact is that face recognition technology has significantly improved over the past years. Face ID and many other face recognition technologies available in the market work diligently to recognize the live individual rather than a picture or model image; therefore, the margin of error is insignificant. As face recognition technologies advance, these security concerns start to fade away.
The most concerning of the Face ID privacy questions is whether individuals can trust Apple with their biometric data. Following many recent hacks such as Equifax, Yahoo, Dropbox, and even iCloud, customers’ trust in companies to keep their information safe is deteriorating. Companies are becoming more aware of where and how they are storing sensitive information. This issue is becoming more important when it comes to biometric information because biometrics are irreplaceable: individuals cannot simply change their biometric if it is hacked. Apple doesn’t store or transfer biometric information on its servers. Biometric information is saved in the Secure Enclave in the phone, an isolated part of a phone’s internal memory, so it is much less likely to get hacked. Additionally, since the data remains on the individual’s phone, there is no centralized database of biometrics that is tempting for hackers to access.
Face ID, like any new technology entering the market, is being treated with caution. But keep in mind that most of these security concerns are no different from those raised when Touch ID was introduced. It is only a matter of time before Face ID finds its place in the market and becomes popular, since there is no doubt that Face ID is very convenient for the user. All that the user has to do to securely access their phone is to look at its screen.
What does Face ID mean in terms of frictionless MFA?
NoPassword uses multiple biometrics such as face recognition, voice recognition, fingerprint, and patterns to replace passwords for all enterprise accounts, applications, and resources. It leverages advanced face recognition technologies to improve NoPassword Human and Hidden Multi-Factor Authentication (H2MFA).
Conventional MFA solutions focus on something you know (passwords), something you have (smart card, 2nd factor dongle), and in some cases something you are (fingerprint readers). Something you know and something you have make it inconvenient for users to log in, and they are easily compromised by hackers. NoPassword frictionless MFA focuses on something you have (mobile device) and something you are (biometrics). Users have to enter their biometrics, and the NoPassword app will perform the multi-factor authentication without disturbing the user. The app extracts hidden features from the phone and authenticates users locally based on all these features behind the scenes. It then federates the user’s identity across all enterprise resources. While NoPassword is designed with users’ privacy and security in mind, user experience is also an important part of the solution.
Face ID offers a secure login to a user’s smartphone, and NoPassword leverages Apple’s technology to offer an MFA solution that enables the enterprise workforce and customers to access all their applications and accounts from all their devices securely and conveniently. At NoPassword, we welcome advancements in biometric technology that end the reliance on inconvenient and insecure password authentication. Learn more about the privacy and security of NoPassword Human and Hidden Multi-Factor Authentication.
Author: Bam Azizi