In a newly released white paper, Apple has detailed how Face ID works. As a new form of authentication for iOS users, there have been lots of questions as users and businesses question whether the system can be fooled and how safe it is compared to other forms of authentication.
The full white paper [PDF] describes when Face ID is used and details some of the technical information behind the TrueDepth camera it uses.
For example, Face ID won't work if
- The device has just been turned on or restarted.
- The device hasn’t been unlocked for more than 48 hours.
- The passcode hasn’t been used to unlock the device in the last 156 hours (six and a half days) and Face ID has not unlocked the device in the last 4 hours.
- The device has received a remote lock command.
- After five unsuccessful attempts to match a face.
- After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds
An interesting piece of information is the probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000, Apple said that number is 1 in 50,000 for Touch ID.
If your business is looking to deploy the iPhone X when it's released later this year, it's a good time to review your security policy and update it, particularly as it pertains to the use of biometrics.