The idea of locking your phone up using such sensitive information as your facial features might feel a little unsafe. Where is the data on your face ID stored? Does it actually help you keep your iPhone secure? Does using Face ID mean you’re now part of a facial recognition database? Is Face ID safe to use?
Face ID has been touted by Apple as the best biometric security measure you can use. It’s easy too, as you don’t need to remember anything to simply look into a camera.
There is, of course, the option to add a passcode to your phone (and it’s required to use one even if you enable Face ID, just in case it doesn’t work), so how much more secure is Face ID compared to that?
The truth is, you don’t need to be overly worried about using the feature, and here’s why.
How Apple Stores Your Face ID
The data created on your face when you first make your Face ID never actually leaves your iPhone. It’s definitely not added to any databases, stored in a server, or sent anywhere else. Instead, it’s kept in a processor on your iPhone, separate from the main processor, called the SEP, or secure enclave processor.
Furthermore, an actual representation of your face isn’t actually saved (such as a picture or 3D model) but instead the mathematical data of your Face ID is stored to memory. So, if someone was somehow able to get into this SEP, they wouldn’t see your actual face, just the numbers that represent it.
The main iPhone processor never obtains this data, it only recognizes whether or not the SEP says your face matches the data stored there. So, now that you know your face is safe, you might wonder how secure using the feature actually is.
How Secure Is Face ID?
As far as actually keeping your phone locked up, is Face ID a better option than just a passcode? Face ID, as well as Touch ID, the other biometric security method Apple has used for older devices, have been shown to be pretty tough to crack.
The issue comes if someone were to go to some length to create fake versions of your face in a 3D model in order to get into your phone. And once your identity has been compromised in this way, you wouldn’t really be able to go back to using your face as a security measure again.
However, situations like these don’t really need to worry you unless you’re someone high-profile, or have extremely sensitive data on your phone that someone could want. And if any thief tries to steal your phone, most of the time they won’t care much about it if they see it’s already secured by other measures. Most petty thieves don’t want to go through the hassle of trying to unlock your phone.
Though if they were determined, it is possible they could force you to look at your phone in order to open it. In this case, Face ID is essentially useless because it’s easy for an attacker to put your face up to your phone. So is there a better option for securing your phone?
Try Using a Long Passcode Instead
While using Face ID is better than using nothing, you’ll always have better security if you opt to use a passcode instead. Length of the passcode matters, too. A 4-digit one is extremely easy for a computer to guess, but the more numbers you add the more difficult it becomes to unlock.
To get an idea of just how secure a longer passcode is, while a 4-digit code could take 7 minutes to crack, a 10-digit one could take 12 years. You also have the option to set up an alphanumeric code on your iPhone, which adds an extreme amount of security as well.
If you’re not too worried about someone breaking into your iPhone, though, and don’t really store any sensitive information on it, Face ID should be enough for you. And if you ever do feel you want extra security, you always have the option to change your Face ID and passcode settings within your iPhone’s settings.
No Method is Completely Secure
Of course, no matter what method you use to secure your phone, nothing is completely impenetrable. There’ll always be ways to compromise a security measure. It’s simply a matter of finding which ones are least likely for this to happen.
In the case of iPhone authentication, it’s pretty clear that using a long, complicated passcode is your best bet for security. But if you aren’t very serious about it and need something easy, Face ID is perfectly fine to use.
It’s highly advisable to use as secure of a method as possible though, because as the saying goes, it’s better to be safe than sorry. Nearly everyone uses their phone for important tasks with sensitive data, such as banking apps, saved passwords, or other personal information. Even if you don’t think it could happen to you, phones get stolen all the time. Whatever method you choose, make sure you do at least choose one.