How Apple DESTROYS Face ID

2022 and you still have to unlock your iPhone with Face ID… like an animal. Or Touch ID. Passcode. Password. Whatever. All just different flavors of animal. Why? Because authentication is still active. Your iPhone is locked until such time as you jump through a biometric or input field hoop to unlock it. Never mind if you’re wearing a mask and sunglasses, or gloves or your finger is damp, or your hands are full or you’re in a rush. Like hitting that subscribe button so we can build the best community in tech together rush.

So, what do you do? I mean, besides hitting the button and cursing in the comments, obviously. Well, if you’re Apple… If you’re Apple, maybe you destroy Face ID. At least as a single point of active authentication. And then you replace it, superset it really, no, not with Touch ID, but with something just way, way better. Magic ID… no, that’s a terrible name, like Tiberius. Smart ID. Let’s go with that! And stay with me here, because this could end up being your favorite new iPhone feature… basically ever!


So, to appreciate how ridiculously good Smart ID would be — they’re totaling going to call it Magic ID, aren’t they, sigh, damn, whatever — to appreciate how ridiculously good it would be, we first have to appreciate how ridiculously bad everything else has been so far. Starting with the OG iPhone and… nothing. Well, effectively nothing really. Swipe to Unlock, just so you didn’t accidentally butt dial someone thanks to having an active touch screen in your pants… or bag. But, if you wanted to, you could enable a 4-digit passcode to keep the riff raff out. From literally tweeting poopin’ if you ever left your phone on the bar.

But, as time went on, and the contents of our phones became more and more private, important, and valuable… Apple began to take authentication more seriously… even if the vast majority of us did not. Because, given the choice between security and convenience, most people chose convenience.

So, Apple bought a company called AuthenTech and began working on Touch ID, a biometric fingerprint identity scanner that would make authentication way more convenient. And more on that in a minute. But, basically, Apple figured if they made it way easier to unlock, they could make it way more attractive TO lock. Not only get more people to enable a passcode, but a stronger 6-digit passcodes, or damn-near adamantium password. Even add the option for auto-delete after 10 fails.

Because a 4-digit passcode was trivial to break. 6-digits, non-trivial but still brute force-able. A long, strong, unique password, especially something pseudorandom? We’re talking heat death of the universe. The occasional 0day bypasses, shoulder-surfing, or coercion not-withstanding.

But passcodes are still active. Passwords are actively user hostile. You have to remember them and enter them correctly, and that takes time. Doing it repeatedly and under stress takes a lot of time. And accessing our own phones shouldn’t be a job, much less a full-time one. And we shouldn’t be working for the machine, the machine should be working for us.

Touch ID

So, Touch ID. Starting with the iPhone 5s. You place your finger on the Home button, or now the power button on recent iPads non-Pro and Macs, triggering a capacitive sensor that scans your print, converts it to math, trashes the actual print, but sends the math down a hardware channel to the Secure Enclave on the Apple A-series or M-series chipsets, where it’s compared to the math of your registered fingerprint, and if they match, releases an authentication token to iOS. Which can unlock your device, unless you’re in the totally locked down PreBoard state, which then requires a passcode or password, but otherwise, even approve things like Apple Pay transactions.

Of course, Touch ID won’t work if you’re wearing gloves or if the moisture of your finger is different enough from when you registered your print, like if you just washed your hands or sweated them up in a workout, or if you burned or cut yourself. And if you’re asleep, immobile, or incapacitated, someone else can in close proximity — someone who knows or guesses which fingers you have registered — can use it to unlock without your consent. You just have to be alive enough for the capacitive sensor to trigger.

And it’s nowhere nearly as secure as a long, strong, unique password, but it’s just so much more convenient, especially if you’re unlocking your iPhone… never mind several times a day, but dozens and dozens of times an hour.

And while Touch ID has been replaced by Face ID on every iPhone but the SE, there HAVE been persistent rumors about Apple adding it back, specifically as an in-display sensor. Super specifically, as a large, acoustic and or ultra-sonic sensor covering most of the bottom of the display.

Only problem is, in button or in-display, either way, it’s still active. You still have to put your finger down for it to unlock or authorize you, every single time. Which might not sound like much, but it’s still moments from your day, slices from your life, and it’s still you working for the machine, not the other way around.

Face ID

So, Face ID. Starting with the iPhone X. You raise or bump it to wake, triggering the front-facing camera array to bathe your face in infrared light and an infrared dot pattern, which an infrared camera then uses to scan your facial geometry, similarly trashing the actual image, but converting it to math and sending it down the hardware channel to the Secure Enclave. But because, unlike finger prints, our hairstyles, facial hair, even fashions can and do change, and frequently, it uses neural networks to match and constantly update the matching process.

Now, previously, Face ID needed all the data from a triangle around your eyes, nose, and mouth to ensure a secure enough match. But, with masks hiding our noses and mouths, basically the opposite of the Batman, for much of the last two years, recent betas have leant more heavily on data from around our eyes, which makes it a little less secure, but offers the convenience of Face ID even with a mask on.

Besides masks, OG Face ID won’t work if sunlight is blinding the camera system, you’re wearing infrared blocking sunglasses, or it can’t see your eyes and attention mode is on, while new, optional Face ID is fine with masks but requires special training for glasses and won’t work with pretty much any sunglasses, or fuller face protection like Canadians, and yeah, the Batman, might wear for half the year or more. And if someone else gets your device and can trick or make you look at it long enough for the Face ID scan to complete, they can unlock it without your consent as well. No living capacitance needed.

So, sure, at its best, Face ID is even more secure than Touch ID, unless you’re dealing with an evil twin situation, but still nowhere nearly as secure as a long, strong, unique password. But also, at it’s best, it’s even more convenient, because it can unlock while you’re picking up your phone, which can make it feel almost transparent… almost… not active. Even though it still totally is. And any time you’re off-angle enough to have to pick it up or wake it first, you know it. Like Matrix Resurrected, you’re still working for the machine.

Voice ID

So, what else could Apple use? Well, how about Voice ID. Nuance, which was the part of the original back-end to Siri offered Voice ID services, including for banking apps, but it never really took off. Apple started doing basic Voice ID for hands-free Siri starting with the iPhone 6s, adding registration to the setup buddy experience. In the beginning it used the always-on capabilities of the sensor-fusion hub in the original M series of motion co-processors that… got integrated back into the A-series and beefed up considerably over time. Basically, when the mic picks up the activation phrase, which is restricted to “Hey Siri” and only that on Apple gear, it checks it against the local, on-device voice print you registered, and if they match, the system lights up. Previously, it would have to make a network connection to Apple’s servers to parse any and all requests, but as of last year, Apple is handling local requests on-device and only handing off to servers for internet-related requests.

Back in 2020, Apple even added multi-user Voice ID support to the Home Pod, so you could ask Siri to read out your messages instead of your partners or kids’. And all the potential hilarity and embarrassment that may cause.

Obviously, based on how many of your Apple devices I’m guessing I trigged when I said the activation phrase just before, it’s ok enough for basic disambiguation for a shared HomePod or iPhone out in public, but not for security against the whole wide world. Certainly not for, “My voice is my passport, verify me”.

Plus, If you get a bad cold, or lose your voice, or someone gets a recording for a replay attack, like in Sneakers, it can fall apart quick, and speaking a code word is as active as typing a password anyway, but… I’m building to something here.

Gait ID

The Apple Watch has been able to track motion for years now, like stair climbing, and more recently, falls while walking or even riding a bike. But last year, Apple added full-on gait analysis to the iPhone. It’s for health metrics and preventative therapeutic reasons, not for security, but it can still tell how you walk. Is it granular enough to tell your walk apart from someone else’s, like security-based gait-analysis systems work? I have no idea. And if you twist your ankle or tweak your back, it can be a problem. But it’s absolutely, potentially, another source for biometric data. A… gait ID, so to speak.

Trusted Object

But biometric data isn’t the only possibility. Authentication typically breaks down to three factors — something you know, like a password, something you are, like a finger print, and… or… something you have. Like a trusted object.

The problem with traditional trusted devices is that they were single-factor dumb Bluetooth dongles. So anyone could just grab the dongle or relay the Bluetooth and effectively become you. But Apple already has a really smart, really secure trusted object — the Watch.

Once you put it on and unlock it with your passcode or iPhone, it stays unlocked for as long as it can detect your heart rate. The minute it loses your heart rate, it locks up again. And since it can already be used to authenticate and authorize you on the Mac, and more recently, fill in for Face ID on your iPhone if you’re wearing a mask, Apple’s already built in strong defenses against relay and other attacks, including time of flight and automatic re-lock if the distance between your watch and iPhone suddenly grows too great. Like someone trying to run away with it.

It’s limited, because the iPhone can unlock the Watch so Apple has to be careful about the Watch also unlocking the iPhone, or paradox and the end of days, or just, you know, way less dramatically, collision and potential exploit, and you have to have a watch for any of it to work at all, but I’m treating this as gravy, not steak. Or frosting, not cake. Whatever.


Same with all the other signals that can be picked up and used to establish and match our patterns. Time is one. For example, when you’re usually awake vs. asleep. Location is another. When you’re usually at home or at work... or… mostly these days, work from home. But theoretically, at school, at the gym, anything regular. And then there’s behavior in general. Just when you usually do the usual things that you do… usually.

And Apple’s already been using this type of data, on device, since… iOS 9 I think, for Siri suggested apps. Including, most recently, for the Siri Suggested App widget. That you typically check Twitter when you wake up… or, sure, YouTube for my most recent upload, and thank you kindly. Or Podcasts when you get in the car. Maybe Music when you go for a run. Disney+ when you’re settled in for the evening. You smell what the Rene is cooking. Sorry.

And that might spark your privacy paranoia alarm bells, but Apple’s just as paranoid, so it’s restricted to on-device, only for your own benefit, and with that very narrow app recommendation use case as well. Which currently does not include anything even remotely close to authentication, because as signals go, these are all just incredibly weak. At least by themselves. But what if they were part of something a more? Like a threshold.

Smart ID (Magic ID)

Ok, so, imagine this. You go to use your iPhone… and it’s just unlocked. That’s it. That’s all. But totally not all. Because it took a hell of a lot of work to be that simple. Like, what if every time you spoke your iPhone captured a snippet of voice, every time you moved in front of the camera, it caught a glimpse of your face, every time you touched the bottom of the display it registered a partial print, every time you carried it around it tracked a bit of your gait. Nothing that, on it own, would be anywhere nearly enough to actively authenticate you, but when all pieced together, met some pre-determined threshold of trust that just resulted in your iPhone being passively unlocked whenever you wanted to use it.

Maybe you could choose how strict that threshold had to be, like low for when you’re at home, high when you’re out and about, and password only when you’re entering a particularly sketchy situation. But maybe location is part of it as well, and time, and behavior, and even wearing your trusted watch. All those things could lower or raise the threshold of trust. And if anything happens, if you’re wearing a mask and gloves and have a cold and you take your watch off while out skiing at some place you’ve never been before, and you fall below the threshold of trust, then your iPhone challenges you for a full, active authentication. Then you have to Face ID or Touch ID or even passcode or password in. But only then. Otherwise, when you’re well above the threshold… you’re set. Which could also be a super high threshold as well. Like multi factor face and touch and voice and watch high. Total win for both security and convenience high.

Because, otherwise, all authentication is passive but also persistent. All still on-device, for your benefit only, private by design, never shared with Apple or anyone else, but all working for you. The machine finally working for you, not the other way around. Not… like an animal.

Smart ID… or, yeah, Magic ID. Womp womp. But given everything Apple’s doing, everything I just went over, I have to believe they’re working towards it. Hell, given Apple’s fully integrated model, from silicon to software, they’re pretty much uniquely positioned to be working towards it. To give us authentication peace in our time.