Apple's Face ID Can Be Fooled by Kids, Twins

I’m not really sure if many parents were planning on buying $1,000 Apple iPhone Xs for their preteen spawn, but if they do, they may want to let the young’uns rely on a passcode rather than Face ID.

Credit: Apple

(Image credit: Apple)

While Apple has touted Face ID as its most secure method yet of locking a phone screen, the company says the technology won’t work nearly as well if you’re under 13 — or if you have an evil (or benign) twin, or a sibling who otherwise looks a lot like you.

In those instances, the company says, you're better off relying on the tried-and-true password, inconvenient as it may be to type in.

MORE: Best Antivirus Software and Apps

Earlier this week, Apple made its Face ID security guide available on its website, and for the most part, the paper is what you’d expect. Face ID is super-secure, according to Apple’s security gurus — its purported false-positive error rate, letting someone who's not you can get into the phone, is about 1 in 1,000,000 as opposed to 1 in 50,000 for the fingerprint-based Touch ID.

The iPhone X will still require you to use a passcode when the phone hasn’t been powered up or restarted in a while, and creating a passcode is required to set up Face ID in the first place. The team worked hard to ensure that Face ID works across a variety of ethnicities, preempting concerns about facial recognition favoring European colors and features.

Face ID’s only real drawback, according to the document, is that identical twins, siblings who otherwise look alike and children under the age of 13 could produce more false positives than usual, making Face ID less useful for those people.

Twins and siblings who resemble each other tend to have extremely similar facial structures, which could fool even Apple’s sophisticated cameras, while children under 13 have facial features that are less distinct because their appearances are still developing.

That’s not necessarily a huge security risk, however.

“If you’re concerned about this, we recommend using a passcode to authenticate,” wrote Apple’s security team. It’s a simple enough solution.

In fact, using a passcode may just be safer in general. A failure rate of 1 in 1,000,000 is extremely low, but think about how many iPhone users will be using Face ID to log in multiple times per day. The odds may eventually be against you.

Furthermore, Face ID may occupy some very murky territory in terms of law enforcement unlocking your phone. Even if you have nothing to hide, letting police officers into your phone without your express consent — as could happen if an officer held up your phone to your face and made you open your eyes — is probably not something you’ll want to do.

The good news is that the potential Face ID shortcomings won’t amount to much in the real world. Children under 13 aren’t likely to have iPhone Xs, and if they do, it’s easy enough to just make the use the required passcode. Twins and other lookalike siblings are (probably) not out to sabotage each other’s iPhones, and if there’s any bad blood, a passcode is always an option for them, too.

There’s no real lesson here, save that biometric security, which is never completely accurate, will always have drawbacks compared to standard passcodes, which are either right or wrong. The advantage is that biometrics are easier to use, and will persuade many people who have resisted using passcodes to lock their screens after all.