FaceID is 2.5 years ahead of the competition

52 minutes ago, DrMacintosh said:

If TouchID/FaceID were the only method of unlocking an iPhone it would be more secure than a passcode. Period.

1) But you can not set TouchID/FaceID to be the only method for unlocking, so your point is irrelevant.

2) I don't believe that. It might be better than a simple password, but that does not make it better than passwords in general.

3) You never answered any of my questions or gave me the things I requested. You can't just keep making absurd statements and then ignore all requests to prove your claims.


23 minutes ago, LAwLz said:

[...]

2) I don't believe that. It might be better than a simple password, but that does not make it better than passwords in general.

[...]

If you're curious how it stacks up, I looked at this earlier which is what started all of this actually xD 

 

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


21 minutes ago, Ryan_Vickers said:

If you're curious how it stacks up, I looked at this earlier which is what started all of this actually xD 

 

But you've also got to consider that, at least with current methods, the time taken between attempting different passwords and different faces is significantly different.

 

Since all cryptography is based on the amount of time to crack something being infeasible, the time it takes to make different masks or find different people to try the phone with becomes a relevant factor.

 

It's not just about raw number of possible values, which is why this whole discussion has been kinda dumb. The other side has been arguing that it's more secure because of the lower False Accuracy Rate, but that really says absolutely nothing about the *security* of it against any kind of real world attack.


1 minute ago, Sniperfox47 said:

But you've also got to consider that, at least with current methods, the time taken between attempting different passwords and different faces is significantly different.

 

Since all cryptography is based on the amount of time to crack something being infeasible, the time it takes to make different masks or find different people to try the phone with becomes a relevant factor.

 

It's not just about raw number of possible values, which is why this whole discussion has been kinda dumb. The other side has been arguing that it's more secure because of the lower False Accuracy Rate, but that really says absolutely nothing about the *security* of it against any kind of real world attack.

I believe the response to many failed face/touch ID attempts is to fall back to a password.  The response to many failed password attempts is to lock the device for some predetermined amount of time, and even wipe itself, so I don't think that really affects anything.

 

I mean if we want to get serious about the different kinds of attacks someone is likely to experience, it's going to be:

  • "friends" or family messing with it trying a few times to get in then giving up, in which case anything is probably sufficient
  • the government trying to get in, in which case nothing will probably stop them
  • something in between, in which case we go back to what I said at the start of this post.

As I've said many times, my main point is that face/touch ID do not enhance the security of the device at all, and if you're using them, just don't fool yourself about why - it's for convenience, not security.


Just now, Sniperfox47 said:

Since all cryptography is based on the amount of time to crack something being infeasible, the time it takes to make different masks or find different people to try the phone with becomes a relevant factor.

 

It's not just about raw number of possible values, which is why this whole discussion has been kinda dumb. The other side has been arguing that it's more secure because of the lower False Accuracy Rate, but that really says absolutely nothing about the *security* of it against any kind of real world attack.

Well, once you figure out how FaceID works (and what can fool it), then cracking it becomes a trivial thing -- it will take however long it takes to make ONE mask. 

 

With passwords there's no "trick" to figuring out the password (assuming it's a decent password and not on the top 100 list / a birthday / etc...).


Furthermore, as has been rehashed countless times already, regardless of how secure or not faceID would be on its own is of no consequence since as it currently stands, it still falls back to a password, so the "it takes longer to make new masks to try" doesn't really matter since someone can just try going after the password instead if they want.


1 minute ago, djdwosk97 said:

Well, once you figure out how FaceID works (and what can fool it), then cracking it becomes a trivial thing -- it will take however long it takes to make ONE mask. 

 

With passwords there's no "trick" to figuring out the password (assuming it's a decent password and not on the top 100 list / a birthday / etc...).

That's something I mentioned explicitly in previous posts. My post was more just to point out to Ryan one of *many* reasons that FAR isn't really a good way to analyze the security of an identification method, and that calculating that there are more possible passwords doesn't, in itself, prove that passwords are more secure.


2 minutes ago, Ryan_Vickers said:

Furthermore, as has been rehashed countless times already, regardless of how secure or not faceID would be on its own is of no consequence since as it currently stands, it still falls back to a password, so the "it takes longer to make new masks to try" doesn't really matter since someone can just try going after the password instead if they want.

I'm not disagreeing with you on that. I'm also not saying that FaceID is more secure than passwords, I'm just saying using FAR (chance of collision) as a method of measuring security (by itself) is kind of missing the point.


Just now, Sniperfox47 said:

I'm not disagreeing with you on that. I'm also not saying that FaceID is more secure than passwords, I'm just saying using FAR (chance of collision) as a method of measuring security is kind of missing the point.

I suppose that's true, but I was also considering it from a standpoint of "first try", as in the odds of it unlocking for an attacker after one attempt, where the time required for repeated attacks hasn't yet come into play.  I realize that normally this factor is dwarfed in the long term but as I pointed out, one of the most common "attacks" a phone user is likely to see is a friend or family member messing with it a very limited number of times.

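The points argued in this thread (biometric unlock falls back to a passcode, attempts are limited, and FAR alone does not measure resistance to a targeted spoof) can be put into a small attempt-budget model. This is an added example, not written by any poster; every number in it (FAR, attempt limits, passcode space, spoof success rate) is a constructed assumption, not a vendor figure.

```python
from dataclasses import dataclass

# All numbers used with this model are constructed assumptions, not vendor figures.
@dataclass
class Policy:
    far: float              # per-attempt false accept rate for a random face
    bio_attempts: int       # failed biometric tries before passcode fallback
    passcode_space: int     # count of equally likely passcodes
    passcode_attempts: int  # guesses allowed before lockout or wipe

def p_biometric(policy, per_attempt=None):
    """Chance that at least one allowed biometric try is accepted.
    per_attempt overrides FAR to model a targeted spoof instead of a random face."""
    p = policy.far if per_attempt is None else per_attempt
    return 1 - (1 - p) ** policy.bio_attempts

def p_passcode(policy):
    """Chance of hitting a uniformly random passcode with distinct guesses."""
    return min(1.0, policy.passcode_attempts / policy.passcode_space)

def p_unlock(policy, biometric_enabled, per_attempt=None):
    """The attacker wins if any available path succeeds."""
    pc = p_passcode(policy)
    if not biometric_enabled:
        return pc
    return 1 - (1 - p_biometric(policy, per_attempt)) * (1 - pc)

def compare(policy, spoof_rate):
    """Unlock probability for three scenarios discussed in the thread."""
    return {
        "passcode_only": p_unlock(policy, False),
        "biometric_random_face": p_unlock(policy, True),
        "biometric_targeted_spoof": p_unlock(policy, True, spoof_rate),
    }

if __name__ == "__main__":
    sample = Policy(far=1e-6, bio_attempts=5, passcode_space=10**6, passcode_attempts=10)
    for name, p in compare(sample, spoof_rate=0.5).items():
        print(f"{name:26s} {p:.6g}")
```

FAR only feeds the random-face row; the targeted-spoof row depends on a rate that FAR does not measure, and with a passcode fallback neither biometric row can fall below the passcode-only row.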
