And I would assume a feature like FaceID will only be available on Apple Silicon Macs.
Probably given what we know about the transition to Apple silicon, but there’s no reason it couldn’t be on an Intel Mac. MacBooks have had finger print sensors for a while now; what’s the difference between using one biometric vs another
Face ID could have unique hurdles compared to Touch ID. For a single-user device Face ID may be simple enough to implement but there could be problems with having unlimited users have unique facial biometrics that log into unique user accounts.
On the iPhone, Touch ID allows 5 unique finger prints which can be anyone's, but Face ID only allows for one face (although you can add another with the Alternative Appearance option). No idea if the Alternative Appearance option will reduce the security of the biometric when used by another person.
On my MBP I have multiple accounts and I use a different fingerprint for different accounts. This wouldn't be possible with Face ID, but it really doesn't need to be. What probably does need to be resolved is being able to have many users on the same device with different faces who may be a very close genetic match (especially if they are a younger person).
I don't know the technical details of how FaceID is implemented, but my assumption with both FaceID and TouchID is that iOS takes a set of parameters based on the scan and essentially creates a hash from them. MacOS wouldn't need to scan a random face and then figure out if it has an account associated with it; you would go to the appropriate log in screen and then it would can your face to see if it matches the login for that specific account.
iOS allows 2 'appearances,' now - both my wife and I can log in to my phone. I can't see that adding more should be that big of an obstical.
And I would assume a feature like FaceID will only be available on Apple Silicon Macs.
Probably given what we know about the transition to Apple silicon, but there’s no reason it couldn’t be on an Intel Mac. MacBooks have had finger print sensors for a while now; what’s the difference between using one biometric vs another
Face ID could have unique hurdles compared to Touch ID. For a single-user device Face ID may be simple enough to implement but there could be problems with having unlimited users have unique facial biometrics that log into unique user accounts.
On the iPhone, Touch ID allows 5 unique finger prints which can be anyone's, but Face ID only allows for one face (although you can add another with the Alternative Appearance option). No idea if the Alternative Appearance option will reduce the security of the biometric when used by another person.
On my MBP I have multiple accounts and I use a different fingerprint for different accounts. This wouldn't be possible with Face ID, but it really doesn't need to be. What probably does need to be resolved is being able to have many users on the same device with different faces who may be a very close genetic match (especially if they are a younger person).
I don't know the technical details of how FaceID is implemented, but my assumption with both FaceID and TouchID is that iOS takes a set of parameters based on the scan and essentially creates a hash from them. MacOS wouldn't need to scan a random face and then figure out if it has an account associated with it; you would go to the appropriate log in screen and then it would can your face to see if it matches the login for that specific account.
iOS allows 2 'appearances,' now - both my wife and I can log in to my phone. I can't see that adding more should be that big of an obstical.
It is a hash and you would be on that login. That account would also have to be logged in but locked or logged in and used to access another device, like Wallet, just as Touch ID does now.
None of that addresses the obstacles I mentioned. Having an alternate appearance doesn’t address the complications with Face ID for countless users all being stored on the same Secure Enclave. None of this is insurmountable but it does require additional work, planning, and cost over Face ID for iOS.
And I would assume a feature like FaceID will only be available on Apple Silicon Macs.
Probably given what we know about the transition to Apple silicon, but there’s no reason it couldn’t be on an Intel Mac. MacBooks have had finger print sensors for a while now; what’s the difference between using one biometric vs another
Face ID could have unique hurdles compared to Touch ID. For a single-user device Face ID may be simple enough to implement but there could be problems with having unlimited users have unique facial biometrics that log into unique user accounts.
On the iPhone, Touch ID allows 5 unique finger prints which can be anyone's, but Face ID only allows for one face (although you can add another with the Alternative Appearance option). No idea if the Alternative Appearance option will reduce the security of the biometric when used by another person.
On my MBP I have multiple accounts and I use a different fingerprint for different accounts. This wouldn't be possible with Face ID, but it really doesn't need to be. What probably does need to be resolved is being able to have many users on the same device with different faces who may be a very close genetic match (especially if they are a younger person).
I don't know the technical details of how FaceID is implemented, but my assumption with both FaceID and TouchID is that iOS takes a set of parameters based on the scan and essentially creates a hash from them. MacOS wouldn't need to scan a random face and then figure out if it has an account associated with it; you would go to the appropriate log in screen and then it would can your face to see if it matches the login for that specific account.
iOS allows 2 'appearances,' now - both my wife and I can log in to my phone. I can't see that adding more should be that big of an obstical.
It is a hash and you would be on that login. That account would also have to be logged in but locked or logged in and used to access another device, like Wallet, just as Touch ID does now.
None of that addresses the obstacles I mentioned. Having an alternate appearance doesn’t address the complications with Face ID for countless users all being stored on the same Secure Enclave. None of this is insurmountable but it does require additional work, planning, and cost over Face ID for iOS.
I suspect Apple wouldn't bother addressing a niche situation like that. You can always use the fallback of passwords for multiple accounts if you exceed what FaceId supports.
MacBooks and iMacs both have cameras builtin to the same physical container as their CPU. This makes Face ID possible for them. But the Mac mini and Mac Pro don’t work like that. So they won’t be eligible. There needs to be a secure path from the camera to the secure element.
With the higher bandwidth of USB or Thunderbolt, it is possible to have end to end encryption from the FaceID device to the CPU/T? silicon. People will probably complain about the high price of the FaceID device, however it is possible. Might need to plug it directly in to the computer.
I agree, Apple could put their own security silicon, i.e., a T# chip, in their own peripherals including monitors, mice, keyboards, and trackpads, (not to mention iPhones and Apple Watches) that allow end to end encryption. I can’t imagine why TB4, USB4, and WiFi would not allow for black channel secure connections as long as both endpoints are aligned around the same encryption and trust model. Sure sounds like low hanging fruit for Apple since they can control both ends.
MacBooks and iMacs both have cameras builtin to the same physical container as their CPU. This makes Face ID possible for them. But the Mac mini and Mac Pro don’t work like that. So they won’t be eligible. There needs to be a secure path from the camera to the secure element.
With the higher bandwidth of USB or Thunderbolt, it is possible to have end to end encryption from the FaceID device to the CPU/T? silicon. People will probably complain about the high price of the FaceID device, however it is possible. Might need to plug it directly in to the computer.
I agree, Apple could put their own security silicon, i.e., a T# chip, in their own peripherals including monitors, mice, keyboards, and trackpads, (not to mention iPhones and Apple Watches) that allow end to end encryption. I can’t imagine why TB4, USB4, and WiFi would not allow for black channel secure connections as long as both endpoints are aligned around the same encryption and trust model. Sure sounds like low hanging fruit for Apple since they can control both ends.
I don't think encryption is a bandwidth issue, but any seperation of identification peripheral from the protected device is a security vulnerability. Apple probably doesn't want to go anywhere near that.
MacBooks and iMacs both have cameras builtin to the same physical container as their CPU. This makes Face ID possible for them. But the Mac mini and Mac Pro don’t work like that. So they won’t be eligible. There needs to be a secure path from the camera to the secure element.
With the higher bandwidth of USB or Thunderbolt, it is possible to have end to end encryption from the FaceID device to the CPU/T? silicon. People will probably complain about the high price of the FaceID device, however it is possible. Might need to plug it directly in to the computer.
I agree, Apple could put their own security silicon, i.e., a T# chip, in their own peripherals including monitors, mice, keyboards, and trackpads, (not to mention iPhones and Apple Watches) that allow end to end encryption. I can’t imagine why TB4, USB4, and WiFi would not allow for black channel secure connections as long as both endpoints are aligned around the same encryption and trust model. Sure sounds like low hanging fruit for Apple since they can control both ends.
I don't think encryption is a bandwidth issue, but any seperation of identification peripheral from the protected device is a security vulnerability. Apple probably doesn't want to go anywhere near that.
FaceID isn't just a webcam. FaceID is the webcam, control of the webcam, output of lasers, measurements of the lasers, and maybe a seperate infrared video for the veins. The webcam will have to be much higher resolution and thus more bandwidth alone. This means the FaceID device will require higher memory and processing power to encrypt all this. This means the total bandwidth will be much higher. Also all this increases the cost.
MacBooks and iMacs both have cameras builtin to the same physical container as their CPU. This makes Face ID possible for them. But the Mac mini and Mac Pro don’t work like that. So they won’t be eligible. There needs to be a secure path from the camera to the secure element.
With the higher bandwidth of USB or Thunderbolt, it is possible to have end to end encryption from the FaceID device to the CPU/T? silicon. People will probably complain about the high price of the FaceID device, however it is possible. Might need to plug it directly in to the computer.
I agree, Apple could put their own security silicon, i.e., a T# chip, in their own peripherals including monitors, mice, keyboards, and trackpads, (not to mention iPhones and Apple Watches) that allow end to end encryption. I can’t imagine why TB4, USB4, and WiFi would not allow for black channel secure connections as long as both endpoints are aligned around the same encryption and trust model. Sure sounds like low hanging fruit for Apple since they can control both ends.
I don't think encryption is a bandwidth issue, but any seperation of identification peripheral from the protected device is a security vulnerability. Apple probably doesn't want to go anywhere near that.
FaceID isn't just a webcam. FaceID is the webcam, control of the webcam, output of lasers, measurements of the lasers, and maybe a seperate infrared video for the veins. The webcam will have to be much higher resolution and thus more bandwidth alone. This means the FaceID device will require higher memory and processing power to encrypt all this. This means the total bandwidth will be much higher. Also all this increases the cost.
Another reason why they probably won't do it.
And again, I don't think the lack of an external FaceId camera is a bandwidth issue; while it may require more bandwidth than a standard webcam they've had enough for years.
Comments
iOS allows 2 'appearances,' now - both my wife and I can log in to my phone. I can't see that adding more should be that big of an obstical.
None of that addresses the obstacles I mentioned. Having an alternate appearance doesn’t address the complications with Face ID for countless users all being stored on the same Secure Enclave. None of this is insurmountable but it does require additional work, planning, and cost over Face ID for iOS.
And again, I don't think the lack of an external FaceId camera is a bandwidth issue; while it may require more bandwidth than a standard webcam they've had enough for years.