What You Need to Know about Face ID on the iPhone X

Apple’s new iPhone X does away with the Home button, which has been a fixture since the original iPhone and has long served as the Touch ID sensor. To replace Touch ID, Apple developed a new facial recognition technology called Face ID. With Face ID, the iPhone X scans your face to authenticate you instead of using your fingerprint. It is truly amazing technology, but we’ve been getting questions that we’d like to answer here. If you have others, get in touch!

How does Face ID work?

Magic. Well, close. As science fiction author Arthur C. Clarke said, “Any sufficiently advanced technology is indistinguishable from magic.” Face ID is cutting-edge technology that uses Apple’s TrueDepth camera system to project over 30,000 invisible dots onto your face. Then it illuminates your face with infrared light and takes an infrared image. Finally, it translates that image into facial recognition data that’s encrypted and stored within the iPhone’s Secure Enclave (the data never leaves your iPhone).

Face ID updates its mathematical representation of your face over time to keep up with how your appearance changes.

How secure is Face ID?

Extremely. Apple claims that Touch ID’s false positive rate—the number of people who would have to try logging in to your iPhone before someone would succeed randomly—is 1 in 50,000. In contrast, Apple says that Face ID’s false positive rate is 1 in 1,000,000. It can’t be fooled by a picture or a simple mask, although a high-enough quality 3D reproduction of your face might get past it, just as a sufficiently good cast of your fingerprint could fool Touch ID.

However, Face ID has trouble distinguishing between identical twins and siblings who have nearly identical features. So if you have an evil twin, stick to a Touch ID-based iPhone or your passcode! The probability of an incorrect match is also higher with children under 13, since their facial features haven’t become sufficiently distinct yet.

By default, Face ID works only when you look at the iPhone X—it can’t be unlocked by your face when you’re sleeping.

How fast is Face ID?

Not quite as fast as Touch ID in current iPhones, but fast enough that you likely won’t notice. When you pick up your iPhone X so you can look at it, Face ID will, in most cases, have already recognized you.

This quick recognition is possible in part because the iPhone X can start scanning early, thanks to iOS’s Raise to Wake feature and a new Tap to Wake feature that automatically wakes the iPhone X when you touch the screen.

What if Face ID doesn’t work?

First off, things like wearing a hat, scarf, or glasses won’t confuse Face ID, nor will growing or shaving a beard. Thanks to that infrared camera, it even works in complete darkness. However, Face ID does fail occasionally. One reason for a Face ID failure is holding the iPhone X too close to your face—this is easy to do accidently if you’re nearsighted and not wearing your glasses. (Some sunglasses prevent Face ID from seeing your eyes, but you can work around that problem by disabling Require Attention for Face ID in Settings > Face ID & Passcode.)

To make Face ID retry a facial scan, hold the iPhone X at a normal viewing distance, tilt it away from you, and then tilt it back to your normal viewing position. If that doesn’t work, or if you want to let someone else use your iPhone, enter the passcode. Entering the passcode is always an option.

Alas, unlike Touch ID, which let you enroll up to five fingers (so family members could unlock your iPhone without using the passcode), Face ID lets you have only a single face.

Can I use Face ID for anything besides unlocking?

Yes, Face ID completely replaces Touch ID, so you can use it to authenticate when you’re using Apple Pay, or the App Store or iTunes Store. Plus, apps that previously relied on Touch ID, such as the 1Password or LastPass password managers, will automatically use Face ID instead.

We hope Apple can make the hardware necessary for Face ID cheaply enough to bring it to other devices as well. Wouldn’t it be nice if you could walk up to your Mac and have it automatically unlock because it had recognized your face?

Twitter: Curious about Apple’s new Face ID technology in the iPhone X? We have answers to your questions!

Facebook: If you’ve been wondering how the iPhone X’s Face ID facial recognition technology works, whether it’s secure, how fast it is, and more, we have answers to your questions.

Watch Out for Phishing Attacks Hidden in Your Email

One of the most important things you can do to stay safe on the Internet is to be careful while reading email. That’s because online criminals know that we’re all busy, and we often don’t pay enough attention to what we’re reading or where we’re clicking.

To take advantage of our inattention, these Internet information thieves forge email messages to look like they come from the likes of Apple, Facebook, and Amazon, along with well-known banks, payment services, retailers, and even government agencies. Even more dangerous are messages that appear to come from a trusted individual and include personal details—these messages are often targeted at executives and company managers. Generally speaking, these attacks are called phishing—you can see examples here.

The goal? Get you to click a link in the message and visit a malicious Web site. That site usually continues to masquerade as being run by a company or organization you trust. Its aim is to sucker you into revealing confidential information by asking you to log in, pay for a product or service, or fill out a survey. The site—or an attachment in the email message—might also try to install malware. Although macOS is quite secure, if you approve security prompts, it can still be infected.

Although phishing is a huge problem that costs businesses hundreds of millions of dollars every year, you can easily identify phishing messages by looking for telltale signs:

  • Be suspicious of email messages, particularly from people you don’t know or from well-known companies, that ask you to click a link and do something with an online account.
  • Look closely at email addresses and URLs (hover the pointer over a link to see the underlying URL). Phishing messages don’t use official domains, so instead of paypal.com, the addresses and links might use paypa1.com—close enough to pass a quick glance, but clearly a fake.
  • Watch out for highly emotional or urgent requests. They’re designed to make you act without thinking. Take any such messages with a grain of salt.
  • Channel your inner English teacher and look for poor grammar or odd phrasing, which are red flags for phishing messages. Email from real companies may not be perfect, but it won’t have multiple egregious errors.

So what do you do if you get a message that may be phishing for sensitive information? Most of the time you can just ignore it. If you’re worried that it might be legit, instead of clicking any links in the message, navigate to the site in question manually by typing the organization’s URL into your browser—use a URL that you know to be correct, not the one in the email message. Whatever you do, do not open attachments that you aren’t expecting and never send confidential information via email.

If you think you’ve fallen prey to a phishing attack and given away a password, you’ll want to change passwords on any affected accounts. If you’ve opened any attachments or approved any installs, run anti-malware software to determine whether your Mac has been infected. Contact us if you need help. And remember, regular backups protect you from a multitude of sins.

Twitter: Can you tell if you’ve been targeted by a phishing attack? Read on to learn how to identify malicious messages!

Facebook: Phishing attacks—email containing links that try to get you to reveal usernames, passwords, or credit card details—are all too common these days. Follow our advice to learn how to identify malicious messages.

Avoid Ransom Requests with a Unique iCloud Password

We’ve been hearing reports from people whose Macs have been locked remotely via Find My Mac, with the criminals responsible holding access to the Mac hostage until they receive a ransom in Bitcoin. First, if this happens to you, do not pay the ransom! Any Apple Authorized Service Provider or Apple Store can unlock your Mac for you if you bring it in and provide proof of purchase. Second, if you ever used your iCloud password on another site, change it immediately, since if that site was hacked, your iCloud account is now vulnerable. Unfortunately, Apple’s two-factor authentication, which is otherwise great, does not currently protect against this problem! Learn more at TidBITS.