How secure is 'face unlock'?


From PINs and passwords to fingerprints, manufacturers are always looking for new ways to secure our phones – and ‘face unlocking’ is the latest development. But can you trust the technology– and can it really be tricked by a selfie? 

Mobile security has always been important. But today, with services like Android Pay and Apple Pay turning our phones into extensions of our wallets, it’s a bigger deal than ever. 

In recent years, fingerprint unlocking has become a core feature of high-end phones. And it’s not hard to see why: it combines reliable security with effortless ease of use. But face unlocking promises to be even simpler – after all, what could be easier than looking at your phone?

But easier doesn’t mean safer. Your face might be as unique as your fingerprint – but it’s also much easier to represent in photos or videos. And following reports that face unlocking can be fooled by something as simple as a selfie, we have to ask: is the technology really safe? 

Today, we’ll be taking a look at the two most notable face unlocking systems to find out. 


Samsung's Facial Recognition


Samsung’s flagship Galaxy S8 smartphone comes with the traditional fingerprint scanner on the back of the device, but it also introduced a new feature: facial recognition. 

But while it’s undoubtedly a quick and convenient way to unlock your phone, it’s nowhere near secure enough to protect your most important data. 

Shortly after the S8 was released, videos surfaced showing the phone’s facial recognition system being fooled by simply holding a photo of the owner’s face up to the screen. And the version in the company’s new Galaxy Note 8 doesn’t seem to be any more secure: a video posted to Twitter shows a test device being fooled by a selfie

Given all that, we have to conclude that Samsung’s facial recognition technology is pretty weak – and shouldn’t be relied on for anything. 

To be fair to Samsung, they’ve never claimed otherwise. Significantly, the technology can’t be used with Samsung Pay: you’ll need to use the S8’s fingerprint scanner or its slower, more secure iris recognition for that. 

Instead, Samsung describe Facial Recognition as being “a convenient action to open your phone – similar to the 'swipe to unlock' action”. But this might not be obvious to everyone – so if you’re an S8 (or Note 8) fan, do make sure you’re not relying on Facial Recognition alone to protect your device.


Apple's Face ID


Apple aren’t the first company to introduce face unlocking – but their new ‘Face ID’ feature, coming with the new iPhone X this November, is a very different take on the technology. 

The biggest difference is that Face ID doesn’t rely on recognising a flat image of your face. Instead, it uses a series of sophisticated infrared cameras and sensors to scan a detailed 3D map of your features.

At a stroke, this solves the ‘defeated by a selfie’ issue: no matter how much a photo might look like you, it will always be a flat image – so there’s no chance of it fooling Face ID. And Apple even say they’ve worked with Hollywood special-effects consultants to ensure Face ID can’t be defeated by sophisticated masks.

In fact, Apple say it’s even more secure than the Touch ID fingerprint scanner. Announcing the technology, Apple said the odds of someone matching your fingerprint are about 1 in 50,000 – but with Face ID, the chances of an unexpected match are a staggering 1 in 1,000,000. 

Better yet, the new phone is always improving its map of your face as you use it, so it’ll adapt and learn what you look like, even if your appearance changes slightly – whether that’s down to a snazzy new hat or an experimental facial hair choice. 

Now, the iPhone X hasn’t been released yet – so at the moment, we can’t give it a full assessment…

But unlike Samsung, Apple are staking everything on Face ID: they’ve removed the fingerprint sensor entirely from the iPhone X. If nothing else, this means they’re confident the technology is secure enough to guard your wallet.


Our verdict


Face unlocking is a young technology – and right now, there’s no consistency in how it works on different kit.

But Samsung’s version of the tech shows the limitations of ‘traditional’ face unlocking methods. No matter how sophisticated, if it relies on a ‘flat’ image, it’ll always be at risk of getting tricked by a photo or video. 

As such, we simply can’t recommend it – or similar facial recognition systems – to protect your most important stuff. 

That said, Apple’s Face ID could be a real game-changer. We haven’t gone hands on with the technology yet – but it’s clearly more sophisticated and, we expect, much more secure. 

We’ll know for sure when the device lands on November 3. But in any case, a long, strong password or PIN is still the gold standard for security – and we wouldn’t recommend securing your kit with anything less. 


Latest articles

Not Available