Companies like Apple and Samsung are replacing fingerprint scanners on smartphones and tablets with facial recognition systems. While that makes design sense, does it also make security sense?
What’s driving this change is the desire to make a premium phone with what is known as ‘edge-to-edge’ display. This means the front of the phone is just screen, f
On the Galaxy S8 and others
The other possible solution is integrating the sensor into the screen itself. That has turned out to be no simple thing.
First, they need special screens to do this. Second, sensing the fingerprint beneath the glass of the display makes it significantly harder to get the quality of the image needed.
Until that issue is solved companies are turning to facial recognition to get the job done. Does it?
Unfortunately, there are problems inherent in both technology and faces that suggest the answer is no.
The first is that unlike fingerprints, faces change. This can be the result of age, facial hair, illness, and/or gaining weight, it doesn’t matter – they all make it more difficult for facial recognition to work well. And this is before you get into the very well-documented problems facial recognition has with race and gender.
On the technology side, the big problem comes down to lighting.
Cameras on the screen side of phones aren’t as powerful than those on the back. This makes them more reliant on good lighting to produce a quality image. Backlighting in particular poses a big problem.
Apple’s iPhone X used special illuminators to counter this with varying degrees of success in its FaceID system. Some reviewers reported having problems using it in direct sunlight but noted that overall it performed better than expected.
Samsung is hoping to improve facial recognition by including a type of iris scanner with its latest devices. The entire system is named “Intelligent Scan” and includes what the company calls Eyeprint Verification.
It works by first scanning your face and then moving on to the iris if authentication initially fails. If conditions aren’t great for using either of those, it then combines them to unlock your device. It isn’t clear from the company’s literature whether this system uses true iris scanning, which is very secure.
However, it is telling that the company is choosing to include a second biometric recognition element rather than just relying on facial.
Facial recognition is likely the easiest type of biometric to spoof. Early versions on phones were fooled by a photograph.
Apple’s FaceID now uses 3D depth maps to register and verify the physical features of the device holder. This makes it considerably harder to fool at it requires hackers to reproduce a physical representation of a target’s face. It also uses machine learning to analyze your expression whenever it sees your face, this allows it to determine whether it’s an authentic unlock attempt.
Further, it doesn’t work if you’re not awake. Even with all that Apple still provides another security check, requiring a good, old-fashioned pin code to prevent someone from
The ubiquity of photographs means that likely as not there’s a photo of you on the internet, accessible by anyone who cares to look for it. Because phone cameras keep improving it is even likely that these photos are high-resolution. That makes it much easier for someone you don’t know to develop a spoof that can fool a facial recognition system.
By contrast, few of us have fingerprint images available online and far, far fewer (possibly none) of us have iris or retinal scans online.
All of this is why people should definitely hesitate before going over to any system that relies solely on facial recognition. Facial works best a part of a multi-factor authentication approach. Even then, though, it is a far weaker factor than either fingerprints or iris and retinal scanning.