Don’t rely on Face Unlock to keep your phone secure

With Samsung’s Galaxy Note 8 arriving in stores soon, here’s an important reminder: Face Unlock isn’t anywhere near as good at securing your phone as a fingerprint. If you follow the tech news cycle, you’ve seen the stories: first following the release of the Galaxy S8 and now the new Note. The technology is easily fooled.

Sure, there’s a little bit of sensationalism and breathless reporting as the videos go viral, but they also serve as an important reminder to find better ways to lock down your phone, as these devices continue to play an even more centralized role in nearly every aspect of our daily lives.

The videos of people unlocking the phones are pretty easy to find online this week, as the phone makes its way into more people’s hands. I honestly had a bit of trouble recreating the two-phone trick using an image of myself, but I’ve reached out to Samsung and the company acknowledges that Face Unlock is, indeed, not the ideal way to keep your stuff secure.

In fact, the company likens the feature to a simple swipe to unlock in a statement given to TechCrunch, “Facial recognition is a convenient action to open your phone – similar to the ‘swipe to unlock’ action,” the company says. “We offer the highest level of biometric authentication – fingerprint and iris – to lock your phone and authenticate access to Samsung Pay or Secure Folder.”

Samsung’s been fairly transparent on the matter. A visit to the Security tab on the Galaxy S8 page, for example, notes by way of an asterisk that “Face recognition is less secure than pattern, PIN, or password.” It’s also worth noting that there’s a “Faster recognition” setting hidden behind a few menus (including the ominous message “Your face has been registered”). Turning it off “increase[s] security and make[s] it harder to unlock using an image or video.”

Though this appears to be on by default. In essence, Face Unlock is just an interesting alternative to leaving your phone in Swipe to Unlock mode, and another feature the company can add to its ever-growing list. But it doesn’t keep your phone particularly secure. 

The company probably could have (and still can) do more to be upfront on the relative security of the feature — or perhaps ditch it altogether, now that the more secure Iris Scanning is onboard these devices. Look for this issue to flare up again in the coming week — Apple, after all, is rumored to be introducing its own similar feature for the iPhone 8, and people will without a doubt start trying to fool it pretty much immediately. Even more devices will be adding it, as well, as Qualcomm works to standardize its own version across Android handsets.

Security levels will most likely differ from implementation to implementation. Aspects like depth sensing can add a fuller image of the data collected by the face scanner and thus make it more difficult to spoof with a two-dimensional print out or by holding up a picture of a person on an adjacent phone. Whatever the cause, companies need to be fully transparent about the efficacy of their given technology, and users need to keep a close eye on the fine print during the setup process.

Published at Wed, 06 Sep 2017 19:16:35 +0000