Monday, September 18, 2017

Tech Briefing - iPhone X & Face ID

According to the Forbes article "No, Apple's Face ID Is Not A 'Secure Password'", Face ID may not be the best method of security when it comes to the iPhone. Apple just launched its new iPhone X, which, at a whopping $999 price tag, is meant to be held to a higher standard due to some new features. Apple's goal is to use biometrics to make unlocking your phone more difficult for others and thus more secure. As stated in the article, "your fingerprints and face are a 'biometric', a measurable biological characteristic. The main benefit of biometric security is obvious: if a thief can't use a phone because it's secure, they have less incentive to steal it". But unfortunately, that simply isn't how the world works.

Especially for us as MIS students, technology allows us to do more, but it also ignites some intrigue about our ability to get past certain security measures. While I personally wouldn't go this far to unlock someone's phone, this article states that people are finding ways around biometric security measures such as Face ID. "At a 2016 Usenix Security Symposium, a University of North Carolina team described how they collected pictures from social media to create animated 3D models in virtual reality, which were used to bypass face recognition. Some security researchers aim to unlock iPhone X by 3D-printing a head". Though it is a little humorous that people would make physical heads in order to unlock a phone, it is also a bit frightening just how far people will go to get around security measures.

Based upon this, is it really worth $999 to have a phone with facial recognition that (a) might not work right in the first place and (b) is still just as capable of being broken into? The price tag is fairly high because Apple deems this feature worth the cost, but now we know there are still ways to work around Face ID.

While it is certainly interesting that technology is capable of doing this sort of thing, it is also a bit frightening. As technology continues to progress, so does knowledge and, sometimes, the heightened desire by some to learn how to hack into systems that are supposedly 'more secure'.

Questions:
1. Would you still purchase the iPhone X? If so, does the ability to hack this feature deter you from or attract you to the product?
2. If Face ID isn't the best way to secure a phone or technology, what would be better?
3. How can technology progress from this in order to make privacy and security stronger?

Article Link

1 comment:

  1. Hi Stephanie,

    I was just reading and watching videos about the iPhone X the other day. The facial recognition feature is cool and all, but I do not think it is worth the higher cost. I do want an iPhone X for several reasons, but the facial recognition / face ID sign-in capability is not one of them. If I had the phone, I would disable the feature and just use a password sign-in. The Face ID does not work in every situation, especially in places with bad lighting, and I do not want to look like a fool trying to get my phone to open.

    Regarding security, it is important to emphasize that Face ID is a convenience feature, and is not as secure as a passcode. However, I read that Apple has released that there is a 1:1,000,000 chance of someone else being able to open your phone with their face (much more likely if they are a twin, family or remarkably close resemblance). This is much better than the 1:50,000 chance of someone else being able to open your phone with their fingerprint using Touch ID. Still, passcodes are recommended and it is likely that some organizations that issue company phones will have policies that restrict the use of Face ID.

    Still, as the article points out, people can go as far as to print a 3D head to bypass this. While most people will probably not do this, it is possible if they have the means and enough incentive to hack the target individual. This is why I imagine high-level business users and government users will not be allowed to rely on this feature. For the average user, however, I don't think they should worry.

    I think the best way to secure a phone or technology is using multi-factor authentication. The factors are generally made up of: (1) something you know, (2) something you have, (3) something you are, (4) something you do. For instance, using a passcode (something you know) AND Face ID (something you are). I think this would be the best way to secure a phone for people that really need it such as government users. This extra step may be an annoyance but security should almost always take priority over convenience or cost.
