The phones should offer the trifecta of Face ID, Touch ID and password. All three at once would be optimal from a security and legal standpoint.
That would be pointless drudgery for most users. The whole purpose of FaceID is to provide a method of truly securing one's phone that doesn't require memorizing a gobbledygook password.
Correction: That doesn't require entering a gobbledygook password.
You still have to memorise it, as it needs to be entered periodically (such as after a restart).
As you mention, multiple biometric options give the user advantages. Flexibility is great to have.
It's a shame that a FaceID 'light' wasn't released for the 8 Series.
No it isn't. I find your POV curious as you don't even use iPhones, but as an actual iPhone user, it's not a shame at all.
What do iPhones have to do with the idea?
This is about the idea of having multiple biometric options on the device to offer choice and flexibility.
Having an iPhone or not is the least of anything. I can speak because my phone has two biometric options.
There’s no way having both options wouldn’t make the XS even more expensive than it is. And Apple’s not really known as a company offering choice, they’re the company that’s supposed to make what they think is the best decision on behalf of the user.
I thought it was well known that Apple did consider Touch ID in concert with Face ID. According to John Gruber back in September 2017:
“There were, of course, early attempts to embed a Touch ID sensor under the display as a Plan B. But Apple became convinced that Face ID was the way to go over a year ago. I heard this yesterday from multiple people at Apple, including engineers who’ve been working on the iPhone X project for a very long time. They stopped pursuing Touch ID under the display not because they couldn’t do it, but because they decided they didn’t need it.”
I understand that there are some edge cases for Touch ID, but after using Face ID for a couple of months I would never want to go back to Touch ID. Face ID simply works so much better and faster than Touch ID, with or without eyewear including sunglasses.
Try it with a full face crash helmet. Then you will see what a PITA it is especially when you have long passphrases.
The phones should offer the trifecta of Face ID, Touch ID and password. All three at once would be optimal from a security and legal standpoint.
That would be pointless drudgery for most users. The whole purpose of FaceID is to provide a method of truly securing one's phone that doesn't require memorizing a gobbledygook password.
The fact that a Face or Touch ID secured phone might as well not be locked at all to law enforcement doesn't even impinge on most people's awareness, and even if it did, many wouldn't care.
The fact that the average person can be compelled to unlock their device by law enforcement is unimportant... until it isn’t.
“So, you’re claiming you weren’t speeding? Your insurance company had the law rewritten so your GPS information can be extracted and shared with them. Your insurance coverage depends on your cooperation. Oh, and while we’re at it, we’re authorized by the DMCA to check if all of the music and audio files on your phone are legally purchased. Relax. You’ll be here awhile while we look. It’s for the greater good of society.”
I thought it was well known that Apple did consider Touch ID in concert with Face ID. According to John Gruber back in September 2017:
“There were, of course, early attempts to embed a Touch ID sensor under the display as a Plan B. But Apple became convinced that Face ID was the way to go over a year ago. I heard this yesterday from multiple people at Apple, including engineers who’ve been working on the iPhone X project for a very long time. They stopped pursuing Touch ID under the display not because they couldn’t do it, but because they decided they didn’t need it.”
Isn’t he suggesting Touch ID under the display was a plan B option if they couldn’t get Face ID to work?
I understand that there are some edge cases for Touch ID, but after using Face ID for a couple of months I would never want to go back to Touch ID. Face ID simply works so much better and faster than Touch ID, with or without eyewear including sunglasses.
Agree. I love Face ID as compared to Touch ID. Much faster, easier and more intuitive. I do have one pair of sunglasses that work fine and another that must be lifted up to expose my eyes. Can't really tell by just looking, but they must be slightly darker or reflective than the pair that works without lifting.
With either method, I do wish there was an option to not have to unlock individual apps once my phone is unlocked.
It's almost certainly related to infrared reflectivity. Some sunglasses block infrared, others let it through. The ones which let it through would look to Face ID like frames with no lenses. The ones which block it would instead be opaque, keeping it from seeing your eyes (and possibly other landmarks it uses to build the high-resolution facial model.
The phones should offer the trifecta of Face ID, Touch ID and password. All three at once would be optimal from a security and legal standpoint.
A legal standpoint? What on earth are you talking about? Double biometrics is silly; it's called two-factor authentication, not three-factor.
In the United States, a password is considered testimonial evidence and is therefore subject to fifth amendment protection against self-incrimination. Requiring a passcode in addition to biometrics would therefore provide better confidentiality from a legal standpoint.
The statement that "Double biometrics is silly" betrays a lack of understanding of exactly how biometric security works. The biggest thing to remember is that a biometric only identifies a user. The biometric itself must be authenticated. That is, the sensor tries to ensure the fingerprint it has been presented is from a real finger attached to a real, living person. Connecting two or more identifiers to the same person and ensuring both are authentic is a valid way of increasing the security of a system. Think of it like authenticating a painting someone "found". You don't check just one physical property of the painting and make the decision. You check pigments, suspension, canvas, frame material, stretching technique, and more.
On top of this, there are only two real authentication types information systems support: symmetric (passwords) and asymmetric (public/private key pairs). The whole "know, have, are" model of authentication is dangerously misleading.
I don’t trust Face ID. The type of infrared lasers (VSCEL) that Face ID beams directly into your eyes may not be without risks.
Sure, infrared light emits less energy than normal light, but our eyes have not evolved to deal with concentrated laser dots of IR beamed directly into the cornea, vitreous humor, lens, and retina. There have been no (zero) long term studies on their safety. And as far as I know, Apple has not released the precise power outputs of the Face ID beams - all they have said is that they comply with current safety standards. But government safety standards are always changing and being updated as new information comes to light (excuse the pun).
That’s why I would happily pay more for an iPhone with good old Touch ID - which works really well, is convenient and perfectly safe.
The phones should offer the trifecta of Face ID, Touch ID and password. All three at once would be optimal from a security and legal standpoint.
That would be pointless drudgery for most users. The whole purpose of FaceID is to provide a method of truly securing one's phone that doesn't require memorizing a gobbledygook password.
Correction: That doesn't require entering a gobbledygook password.
You still have to memorise it, as it needs to be entered periodically (such as after a restart).
True point.
Though in reality, most people who bother to use a gobbledygook password have it recorded elsewhere.
The phones should offer the trifecta of Face ID, Touch ID and password. All three at once would be optimal from a security and legal standpoint.
That would be pointless drudgery for most users. The whole purpose of FaceID is to provide a method of truly securing one's phone that doesn't require memorizing a gobbledygook password.
The fact that a Face or Touch ID secured phone might as well not be locked at all to law enforcement doesn't even impinge on most people's awareness, and even if it did, many wouldn't care.
The fact that the average person can be compelled to unlock their device by law enforcement is unimportant... until it isn’t.
“So, you’re claiming you weren’t speeding? Your insurance company had the law rewritten so your GPS information can be extracted and shared with them. Your insurance coverage depends on your cooperation. Oh, and while we’re at it, we’re authorized by the DMCA to check if all of the music and audio files on your phone are legally purchased. Relax. You’ll be here awhile while we look. It’s for the greater good of society.”
Yup.
One of the many reasons my phone is locked with a long password instead of Touch ID.
Even if insurance companies were successful in instituting policies requiring sharing of GPS information, they wouldn't be able to use law enforcement as agents for that sharing, because of the aforementioned Fifth Amendment issues. The police would still be constrained by that, and be unable to compel, except using their usual bullsh-t and intimidation techniques, someone to reveal their password.
"Deviation from the alignment of the biometric feature often results in a false negative result," states the filing. "As a result, a user is, optionally, required to unnecessarily perform multiple iterations of biometric authentication, or is, optionally, discouraged from using the biometric authentication altogether."
FaceID makes me want to throw my iPhone every time I go to unlock it. It is not a replacement for TouchID unless your attention is 100% on the phone.
Desk, gym, busy grocery line, most places. Failure prone and basically a gimmick at this point.
Comments
You still have to memorise it, as it needs to be entered periodically (such as after a restart).
“So, you’re claiming you weren’t speeding? Your insurance company had the law rewritten so your GPS information can be extracted and shared with them. Your insurance coverage depends on your cooperation. Oh, and while we’re at it, we’re authorized by the DMCA to check if all of the music and audio files on your phone are legally purchased. Relax. You’ll be here awhile while we look. It’s for the greater good of society.”
The statement that "Double biometrics is silly" betrays a lack of understanding of exactly how biometric security works. The biggest thing to remember is that a biometric only identifies a user. The biometric itself must be authenticated. That is, the sensor tries to ensure the fingerprint it has been presented is from a real finger attached to a real, living person. Connecting two or more identifiers to the same person and ensuring both are authentic is a valid way of increasing the security of a system. Think of it like authenticating a painting someone "found". You don't check just one physical property of the painting and make the decision. You check pigments, suspension, canvas, frame material, stretching technique, and more.
On top of this, there are only two real authentication types information systems support: symmetric (passwords) and asymmetric (public/private key pairs). The whole "know, have, are" model of authentication is dangerously misleading.
Sure, infrared light emits less energy than normal light, but our eyes have not evolved to deal with concentrated laser dots of IR beamed directly into the cornea, vitreous humor, lens, and retina. There have been no (zero) long term studies on their safety. And as far as I know, Apple has not released the precise power outputs of the Face ID beams - all they have said is that they comply with current safety standards. But government safety standards are always changing and being updated as new information comes to light (excuse the pun).
That’s why I would happily pay more for an iPhone with good old Touch ID - which works really well, is convenient and perfectly safe.
Though in reality, most people who bother to use a gobbledygook password have it recorded elsewhere.
One of the many reasons my phone is locked with a long password instead of Touch ID.
Even if insurance companies were successful in instituting policies requiring sharing of GPS information, they wouldn't be able to use law enforcement as agents for that sharing, because of the aforementioned Fifth Amendment issues. The police would still be constrained by that, and be unable to compel, except using their usual bullsh-t and intimidation techniques, someone to reveal their password.
FaceID makes me want to throw my iPhone every time I go to unlock it. It is not a replacement for TouchID unless your attention is 100% on the phone.
Desk, gym, busy grocery line, most places. Failure prone and basically a gimmick at this point.