Apple says Face ID securely unlocks iPhone X with a simple glance but does not replace the passcode. With Face ID enabled, the iPhone X will immediately lock when the side button is pressed and it also locks every time the device goes to sleep.
Apple has shared more details of the Face ID facial recognition system ahead of the general availability of iPhone X in November. In a detailed six-page white paper, Apple explains how Face ID works and sthe ecurity aspects of the system as a biometric authentication.
The security paper starts with how Face ID securely unlocks iPhone X with a simple glance. It details the advanced imaging system enabled by the TrueDepth camera to accurately map the geometry of a user's face. "Face ID confirms attention by detecting the direction of your gaze, then uses neural networks for matching and anti-spoofing so you can unlock your phone with a glance. Face ID automatically adapts to changes in your appearance, and carefully safeguards the privacy and security of your biometric data."
Apple further explains that in order to use Face ID, iPhone X owners must first set up a passcode to unlock it. Face ID doesn't replace the passcode but simplifies the process of unlocking the device. "Face ID makes using a longer, more complex passcode far more practical because you don't need to enter it as frequently."
iPhone X users can always use passcode to unlock their device, but the biometric authentication falls back to passcode under following circumstances:
With Face ID enabled, the iPhone X will immediately lock when the side button is pressed and it also locks every time the device goes to sleep.
On the security front, Apple reiterates that Face ID has a failure rate of 1 in 1,000,000 versus 1 in 50,000 for Touch ID. Face ID allows five unsuccessful match attempts before falling back to passcode (like during the demo at Apple Event). "The probability of a false match is different for twins and siblings that look like you as well as among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate."
Face ID also works with Apple Pay to authenticate payments and Apple explains that in-store payments with Face ID will be authorised by confirming intent to pay by double-clicking the side button. Users then need to authenticate using Face ID and place the iPhone X near the contactless payment reader. Payment within apps and on the web can be authenticated by double-clicking the side button to confirm the intent and then authenticating using Face ID to make payment. Face ID data, like Touch ID before it, will be stored in a secure enclave on the device and Apple says it will never be backed up to iCloud or anywhere else. However, iPhone X users can allow Apple to use their Face ID data by agreeing to share Face ID diagnostic data.
The full white paper has more details on how Face ID can be integrated with third-party apps using system-level APIs and how it unlocks an iOS device securely. Face ID is one of the big selling points of iPhone X and Apple is making sure consumers are not concerned about it ahead of its availability.