I’ve seen some reviews where this can be beat with twins.
Requiring both Touch ID and Face ID (if technical hurdles could ever be overcome for Touch ID in glass) would likely make the iPhone even more secure than requiring just one biometric.
Not going to happen.
The more it is used, the better it will get at separating you from your evil twin. Apple will also carry on improving the tech for future iOS iterations.
There was no technical hurdle for putting TouchID under glass. Getting FaceID to work is way harder. Apple has already said that they stopped working on TouchID some time ago when they knew they could get FaceID to work.
Most importantly, Apple is unlikely to take up space and resources maintaining two biometric systems in one device when the new system is less likely to get spoofed than the old one.
They cheated. They enrolled the first twin and immediately tried the second twin.
I'm with @mrboba1, I don't see this as cheating. I'd even think that this would be the easiest way to trick the system since ML database is clear of any additional data it's learned about your face.
It’s cheating because that scenario would never occur in the real world (coming across a device that was just enrolled).
Ever wonder why so many of those YouTube videos of people fooling TouchID do so right after enrolling a finger? Because you have the best chance of tricking it right after enrollment. We have no idea how much harder it would be on a normal device that a person has used, where the biometrics have been fine tuned further
I am not surprised since Apple claims a 1 out of a million chances, and most identical twins will most definitely be part of that 1 million slice. The twins used by CNN are a much closer match than the ones shown in the Appleinsider video, which I can easily tell apart.
They cheated. They enrolled the first twin and immediately tried the second twin.
I'm curious, not challenging: how is this cheating?
FaceID and TouchID learn as you use it. Apple even states the accuracy of FaceID improves the more you use it. A device is the least secure immediately after enrollment as it hasn’t been used enough times for Apple to do their “fine tuning”.
A proper test would be to have the first twin use the phone for awhile and perform multiple unlocks until it’s working flawlessly. THEN you try to fool it with a twin.
Security should be tested from its weakest point to get a baseline.
They cheated. They enrolled the first twin and immediately tried the second twin.
I'm curious, not challenging: how is this cheating?
FaceID and TouchID learn as you use it. Apple even states the accuracy of FaceID improves the more you use it. A device is the least secure immediately after enrollment as it hasn’t been used enough times for Apple to do their “fine tuning”.
A proper test would be to have the first twin use the phone for awhile and perform multiple unlocks until it’s working flawlessly. THEN you try to fool it with a twin.
Security should be tested from its weakest point to get a baseline.
Which I’m sure they did, which is why they stated that twins might break through. But I would be interested to see if they could still fool it after, say, a week.
Wow I didn't even blame Touch ID for not being able to tell the difference between an "evil" twin but this is very impressive. This must hurt a lot of the naysayers and doubters, I bet they're going to inspect that video frame by frame looking for something to grasp.
If I had an identical twin and if I didn’t trust him I’d not instigate its use in the first place. iPhone X still offers the traditional keypad system I assume?
I know Face ID isn't even officially out yet, but I want a Face ID Remote for my Apple TV so that just holding the remote means that apps, menus, Netflix user queues, music playlists, saved locations on videos, and other content switches to my user profile. Is that too much to ask? Probably, but who would've thought that we'd have this tech just a decade after the original iPhone launched?
Very impressive. Windows Hello, which uses RealSense technology from Intel and only ever stated a 1:100,000 in face recognition security (or 1/10th that of Face ID) faired very well with twin tests so I'll only be surprised if they don't do exceptionally well here. I think this tech is one where each increase in statistical accuracy increases its security exponentially.
They cheated. They enrolled the first twin and immediately tried the second twin.
I'm curious, not challenging: how is this cheating?
The software learns you the more you use it. The iPhone was handed to the sister right away. I don’t know if “cheating” is the right word but the situation was very very very impractical.
what are the chances:
1. You have a twin.
2. Your twin is identical.
3. You hand your new iPhone to your twin right after using it.
Edit:
Never mind. The test was crap. Looks like the first twin unlocked it. She looked directly at the iPhone as it was handed to her sister.
If I had an identical twin and if I didn’t trust him I’d not instigate its use in the first place. iPhone X still offers the traditional keypad system I assume?
They cheated. They enrolled the first twin and immediately tried the second twin.
I'm curious, not challenging: how is this cheating?
FaceID and TouchID learn as you use it. Apple even states the accuracy of FaceID improves the more you use it. A device is the least secure immediately after enrollment as it hasn’t been used enough times for Apple to do their “fine tuning”.
A proper test would be to have the first twin use the phone for awhile and perform multiple unlocks until it’s working flawlessly. THEN you try to fool it with a twin.
Security should be tested from its weakest point to get a baseline.
Which I’m sure they did, which is why they stated that twins might break through. But I would be interested to see if they could still fool it after, say, a week.
I'd record every time its used to unlock and with multiple devices. Without looking at the code we can't get a feel for how the accuracy might grow (or even decrease). Even then I'd bet Apple wouldn't know without methodical testing. Maybe after unlocking a mere half dozen times the security is now increased dramatically, or maybe it takes 24 hours of normal use (dozens of times), or the week you mention, or maybe more than a month (a thousand successful unlocks).
Then there's the decrease I mention as the slow growth of facial hair or variances in water retention in the face could make it easier for a "twin' to bypass the system under ideal conditions.
And I suggested multiple devices for two reasons. One, variances in HW, ML, and AI with a unique scan can lead to different levels of accuracy. Two, as soon as a "twin" successfully accesses the device during a test (and possibly after failed access) that device is now tainted for future testing since Face ID will record that entry as a success.
They cheated. They enrolled the first twin and immediately tried the second twin.
I'm curious, not challenging: how is this cheating?
FaceID and TouchID learn as you use it. Apple even states the accuracy of FaceID improves the more you use it. A device is the least secure immediately after enrollment as it hasn’t been used enough times for Apple to do their “fine tuning”.
A proper test would be to have the first twin use the phone for awhile and perform multiple unlocks until it’s working flawlessly. THEN you try to fool it with a twin.
Interesting.
In this test, the tried several different scenarios with the owner twin, so it was better trained by the time twin2 tried to spoof it.
But I still don’t think CNN cheated. I just think their scenario is unlikely to occur in real life.
I know Face ID isn't even officially out yet, but I want a Face ID Remote for my Apple TV so that just holding the remote means that apps, menus, Netflix user queues, music playlists, saved locations on videos, and other content switches to my user profile. Is that too much to ask? Probably, but who would've thought that we'd have this tech just a decade after the original iPhone launched?
Very impressive. Windows Hello, which uses RealSense technology from Intel and only ever stated a 1:100,000 in face recognition security (or 1/10th that of Face ID) faired very well with twin tests so I'll only be surprised if they don't do exceptionally well here. I think this tech is one where each increase in statistical accuracy increases its security exponentially.
I’ve suggested every Apple feature being on Apple TV but closed-minded people say it’s useless.
Although that new ring in the remote makes me very curious. I have a feeling the Apple TV team had TouchID planned there but was removed last minute.
The raised white ring around the Menu button on the new Siri Remote has been great for allowing me to more quickly orient the device without accidentally pressing the capacitance touch screen. I no longer need to use a cloth-elastic hair tie over the base of the remote.
They cheated. They enrolled the first twin and immediately tried the second twin.
I'm curious, not challenging: how is this cheating?
FaceID and TouchID learn as you use it. Apple even states the accuracy of FaceID improves the more you use it. A device is the least secure immediately after enrollment as it hasn’t been used enough times for Apple to do their “fine tuning”.
A proper test would be to have the first twin use the phone for awhile and perform multiple unlocks until it’s working flawlessly. THEN you try to fool it with a twin.
Security should be tested from its weakest point to get a baseline.
And that might be where Apple came up with the 1 in a million. Have the original twin unlock the phone just twice and see if the other twin can fool it. What happens with the second twin is her data is now included in the database, making it more difficult to tell the twins apart. Maybe Apple should change the initial enrollment process to require five unlocks to add more data points than just the initial enrollment did. Then lets see if the twin fools it. If she does, then the original twin needs to delete the first Face ID and recreate it and unlock 10 times then test again. This might bring the failure rate up to 1 in 10-100M, who knows. That said, we're talking about very identical twins fooling it while almost identical twins can't. That still is better than 99.999% of passwords being used. The latest John the Ripper password cracking word list contains 40M entries in 20+ languages and can also crack encrypted keys and password hashes. This makes passwords practically worthless so who cares if only very identical twins can fool Face ID.
They cheated. They enrolled the first twin and immediately tried the second twin.
I'm curious, not challenging: how is this cheating?
Not technically cheating, but certainly taking advantage of what is likely the most vulnerable circumstance for the twin test; that being right after a face is registered, before additional instances of face data are collected to refine the recognition dataset.
I’ve seen some reviews where this can be beat with twins.
Requiring both Touch ID and Face ID (if technical hurdles could ever be overcome for Touch ID in glass) would likely make the iPhone even more secure than requiring just one biometric.
That would be extreme overkill and ridiculous. Paranoia is a serious issue.
And right on cue we’re arguing about whether Face Id is a failure because it might be confused by identical twins. Why do we let the trolls control the narrative?
And right on cue we’re arguing about whether Face Id is a failure because it might be confused by identical twins. Why do we let the trolls control the narrative?
I don’t think anyone has said it’s a failure. What this has proved is that it’s better than Apple says it is.
They cheated. They enrolled the first twin and immediately tried the second twin.
I'm curious, not challenging: how is this cheating?
FaceID and TouchID learn as you use it. Apple even states the accuracy of FaceID improves the more you use it. A device is the least secure immediately after enrollment as it hasn’t been used enough times for Apple to do their “fine tuning”.
A proper test would be to have the first twin use the phone for awhile and perform multiple unlocks until it’s working flawlessly. THEN you try to fool it with a twin.
Security should be tested from its weakest point to get a baseline.
And that might be where Apple came up with the 1 in a million. Have the original twin unlock the phone just twice and see if the other twin can fool it. What happens with the second twin is her data is now included in the database, making it more difficult to tell the twins apart. Maybe Apple should change the initial enrollment process to require five unlocks to add more data points than just the initial enrollment did. Then lets see if the twin fools it. If she does, then the original twin needs to delete the first Face ID and recreate it and unlock 10 times then test again. This might bring the failure rate up to 1 in 10-100M, who knows. That said, we're talking about very identical twins fooling it while almost identical twins can't. That still is better than 99.999% of passwords being used. The latest John the Ripper password cracking word list contains 40M entries in 20+ languages and can also crack encrypted keys and password hashes. This makes passwords practically worthless so who cares if only very identical twins can fool Face ID.
I don’t think Apple needs to change the enrolment process. This is a highly contrived scenario.
How do we know that CNN didn't play us/Apple on that test? But being able to differentiate between identical twins using face detection is quite remarkable. Samsung's face unlock being fooled by a picture -- it's got a loooooong way to go. And so do a lot of other Android phones.
They cheated. They enrolled the first twin and immediately tried the second twin.
I'm curious, not challenging: how is this cheating?
FaceID and TouchID learn as you use it. Apple even states the accuracy of FaceID improves the more you use it. A device is the least secure immediately after enrollment as it hasn’t been used enough times for Apple to do their “fine tuning”.
A proper test would be to have the first twin use the phone for awhile and perform multiple unlocks until it’s working flawlessly. THEN you try to fool it with a twin.
Security should be tested from its weakest point to get a baseline.
Bull. It should be tested as intended.
When I buy a new router (or wireless camera or other connected devices) it comes with a default password. Should I test how easy it is to break into while retaining the default password? Or should I change the password right away?
Comments
Not going to happen.
The more it is used, the better it will get at separating you from your evil twin. Apple will also carry on improving the tech for future iOS iterations.
There was no technical hurdle for putting TouchID under glass. Getting FaceID to work is way harder. Apple has already said that they stopped working on TouchID some time ago when they knew they could get FaceID to work.
Most importantly, Apple is unlikely to take up space and resources maintaining two biometric systems in one device when the new system is less likely to get spoofed than the old one.
It’s cheating because that scenario would never occur in the real world (coming across a device that was just enrolled).
Ever wonder why so many of those YouTube videos of people fooling TouchID do so right after enrolling a finger? Because you have the best chance of tricking it right after enrollment. We have no idea how much harder it would be on a normal device that a person has used, where the biometrics have been fine tuned further
The twins used by CNN are a much closer match than the ones shown in the Appleinsider video, which I can easily tell apart.
But you don’t so no need to worry about this.
I’ve suggested every Apple feature being on Apple TV but closed-minded people say it’s useless.
Although that new ring in the remote makes me very curious. I have a feeling the Apple TV team had TouchID planned there but was removed last minute.
The software learns you the more you use it. The iPhone was handed to the sister right away. I don’t know if “cheating” is the right word but the situation was very very very impractical.
what are the chances:
1. You have a twin.
2. Your twin is identical.
3. You hand your new iPhone to your twin right after using it.
Edit:
Never mind. The test was crap. Looks like the first twin unlocked it. She looked directly at the iPhone as it was handed to her sister.
Then there's the decrease I mention as the slow growth of facial hair or variances in water retention in the face could make it easier for a "twin' to bypass the system under ideal conditions.
And I suggested multiple devices for two reasons. One, variances in HW, ML, and AI with a unique scan can lead to different levels of accuracy. Two, as soon as a "twin" successfully accesses the device during a test (and possibly after failed access) that device is now tainted for future testing since Face ID will record that entry as a success.
In this test, the tried several different scenarios with the owner twin, so it was better trained by the time twin2 tried to spoof it.
But I still don’t think CNN cheated. I just think their scenario is unlikely to occur in real life.
Bull. It should be tested as intended.
When I buy a new router (or wireless camera or other connected devices) it comes with a default password. Should I test how easy it is to break into while retaining the default password? Or should I change the password right away?