Face ID is incredibly advanced facial recognition biometrics. Just glance at the phone, and it unlocks. When it works, it is pretty smooth. But it’s got its quirks. Especially for new users. Face ID can be used to unlock your iPhone or iPad, to download apps, and use Apple Pay. The facial recognition software has replaced Touch ID on newer devices, which might put you off upgrading. After all, how do you know if Face ID is secure and how can you improve its security?
Apple claims that Face ID is as safe to use as previous biometrics. But you would like to make certain it’s reliable before activating it on your iPhone.
Fortunately, there are some very simple steps you can take to ensure no one can access your smartphone except you.
How Face ID works?
Until recently, facial-recognition technologies have either been very easy to trick or overly sensitive to environmental factors, which made them ineffective authentication factors.
But Face ID goes beyond just tracking motion from 2D video to actually mapping 3D environments, with a technique called structured light. Apple’s “TrueDepth” system projects structured IR light (30,000 dots) onto your face to measure the depth of various points, basically creating a 3D model.
This alone significantly improves the accuracy, and thus security, of Face ID’s recognition. Unlike past technologies, a picture or video alone will not fool a 3D facial scanner.
Apple also says you have to look directly at your phone for Face ID to kick in. This suggests the system looks for some eye or pupil movement, too. Finally, some facial-recognition systems also look for skin and texture indicators, which can improve recognition accuracy as well. Face ID does not. Therefore, Face ID is vulnerable to targeted attacks and you need to improve the level of its security.
Ways to Improve Your Face ID Security
You don’t need to be concerned about Face ID security, as long as you know how to limit it accordingly. You need to:
- Create a strong passcode to use as a safeguard.
- Disable Apple Pay and iTunes & App Store.
- Make sure you know which apps use Face ID.
- Learn how to quickly disable Face ID.
- Enable “Require Attention”.
- Turn on Find My iPhone.
- Check what you can access through the lock screen.
Face ID is a great tool but you can still deactivate it; go to Settings >> Face ID & Passcode >> Reset Face ID.
1. Create a Strong Passcode
As you should have already gathered, your phone still needs a passcode to work in conjunction with Face ID.
The most obvious reason is that, sometimes, your iPhone doesn’t recognize your face. You might be holding it at an odd angle, look notably different, or have the required detectors covered. In most of these cases, however, you can simply turn your phone away then point it back towards you, and it’ll unlock.
But there’s a more important argument for having a strong passcode: every time your phone restarts, it needs that authentication. Face ID won’t work when you turn the power back on. We’ll come back to why this safeguard is important.
To make your passcode stronger, go to Settings >> Face ID & Passcode, enter your current one, then click on Change Passcode. Your phone should automatically suggest you use a six digit code, rather than the standard four digit PIN. Otherwise, go to Passcode Options then either Custom Alphanumeric Code or Custom Numeric Code.
2. Disable Apple Pay Authentication
There’s a fine line you have to tread between accessibility and security. If you use Apple Pay, you should favor the latter, which is why you shouldn’t authorize payments through Face ID.
Apple Pay works in the same way contactless credit and debit cards do: the near-field communication (NFC) chips in your device can be read by payment terminals. Apple Pay is safer than you may think; still, it’s easy to get carried away using contactless.
Limits are subject to country, but caps have been lifted across numerous places. Apple advises that you might need to provide a signature for purchases over $50.
Go to Settings >> Face ID & Passcode, and look at “Use Face ID For:”, which lists everything you can use Face ID to authenticate. Untick Apple Pay. Without it, you can use the app with your passcode. You should also untick iTunes & App Store. These similarly can take money from your account, so why risk it?
3. Manage Apps
While you’re there, you should check which other apps utilize Face ID and question whether it’s necessary.
Various services have already jumped on the bandwagon, some to authorize payments and others to keep your privacy. PayPal, for instance, is a good example of the former.
But the Notes app can use Face ID too. To keep a message private, click on the square icon with the arrow pointing upwards, found in the top right of a note. Click Lock Note. Whenever you want access to it, it’ll prompt you to use your passcode or Face ID for more security.
We’re sure more apps will start using Face ID in the future, so keep an eye on this. They should ask permission before doing so anyway. It’s worth re-evaluating app permissions on a regular basis.
4. Learn How Temporarily Disable Face ID
Lost Mode isn’t the sole way you can disable Face ID. You can lock it behind a passcode either remotely or while it’s in your hand.
The most useful method is by pressing down the Power button and either of the volume controls at the same time. You’ll see the screen to turn your phone off. If you power down, your passcode will be needed when it restarts. The same effect can be achieved simply by clicking Cancel. Alternatively, click on your Emergency SOS if the situation calls for it.
Face ID will also be disabled after five unsuccessful attempts to unlock or if it’s not been unlocked for more than 48 hours.
5. Enable “Require Attention”
Let’s say you’re looking elsewhere when someone steals your phone off a table and points it at you. It will unlock and they’ll gain access to your information. Equally, you could be asleep and someone could still use Face ID to get into your device. How can you stop this and improve your Face ID security?
Head back to Settings >> Face ID & Passcode and make sure Require Attention for Face ID is on.
This is an additional security feature for your Face ID which assesses whether you’re actually looking at your smartphone before it unlocks.
It works if you wear glasses, although performance might be hampered if they’re especially dark or reflective sunglasses. In most cases, you won’t have a problem.
6. Activate Find My iPhone
Find My iPhone is a feature that allows you to remotely lock and track your device. It’s to prepare you for the worst possibility: that your iPhone is lost or stolen. You’ll need to set this up in advance at iCloud.com to provide security for your Face ID.
This means that you can put your device in Lost Mode, which disables Face ID. No one can access your smartphone without your passcode. You can remotely add a customized message to the lock screen too, which might be instructions on how to get the iPhone back to you.
Even if you’re not wary about using Face ID, you should still use Find My iPhone for having more security.
7. Keep Data Off Your Lock Screen
This isn’t solely about Face ID. It’s about limiting what you can access from your lock screen. However, to tamper with this, you need to go to the Face ID & Passcode settings as before. Scroll to the bottom to find “Allow Access When Locked”.
Anything listed here can be opened without the need for facial recognition or your passcode. It increases usability if you can get onto your Control Center or check Today View (i.e. widgets like News and Weather).
Yet there are lots of options and one in particular should alarm you: Wallet, which includes Apple Pay. At the very least, you need to untick this. It speeds up the process of paying for items, but do you really want to risk this capability falling into the wrong hands?
By toggling these settings, you’re highlighting the need for Face ID.
The Bottom Line
In this article we discussed about face ID security and the ways to improve its security. Hope this tutorial helps you meet your needs.
Moreover, if you do have data that sensitive or valuable, you’re likely taking extra steps to secure that information. This is not the sort of thing that can be done quickly to random strangers. Face ID hasn’t been hacked yet, but realistically, it will probably end up susceptible to the same kind of attacks as Touch ID.
What it all comes down to is one of the truisms of security. No method of authentication will ever stand up to a sufficiently determined hacker and attacker. There are always flaws that can be used. It’s just a matter of how easy they are to take advantage of. So we can say “better safe than sorry”.