FaceID is 2.5 years ahead of the competition

[vanished]

24 minutes ago, Drak3 said:

Alternative answers:

A) Apple's testing doesn't hold up in the real world

B) Microsoft is low balling to cover their asses

C) Microsoft is taking botched third party OEM implementations into account

True... I guess we really don't know for sure.

 

Ultimately you use this if you want a faster login, not a more secure one though

[Drak3]

3 minutes ago, Ryan_Vickers said:

True... I guess we really don't know for sure.

Here's what Risuchan knows for sure, FaceID is NOT actually more secure than Windows Hello or whatever the Android alternatives are called. All systems require the same backup system, a PIN or password. All systems allow potential users to bypass before even trying facial recognition.

 

It's purely a convenience feature.

[Sniperfox47]

4 hours ago, LAwLz said:

~snip~

If I could give this one post 8 agrees, one for each point, I would.

[Sniperfox47]

1 hour ago, Bensemus said:

About Window's hello. According to MS it's a 1 in 100,000 chance of someone else being able to unlock your device. So between Apple's data and MS's data Apple's implementation is more secure.

 

1 hour ago, Drak3 said:

Alternative answers:

A) Apple's testing doesn't hold up in the real world

B) Microsoft is low balling to cover their asses

C) Microsoft is taking botched third party OEM implementations into account

Another alternative answer:

That's for Windows Hello, not specifically Intel Realsense.

 

Windows Hello includes fingerprint identification.

 

In that case Windows Hello has half the false positives of touchID, likely in part because of the bigger higher resolution sensors they can use in a laptop/USB device.

 

I don't recall ever seeing stats for the Intel Realsense portion seperate from the other biometrics Windows Hello allows.

 

Edit: also the "stats" you quoted are a link to the minimum requirements to get your crappy ID system accepted as a Windows Hello device, not actual device stats...

[79wjd]

1 hour ago, Drak3 said:

Here's what Risuchan knows for sure, FaceID is NOT actually more secure than Windows Hello or whatever the Android alternatives are called. All systems require the same backup system, a PIN or password. All systems allow potential users to bypass before even trying facial recognition.

 

It's purely a convenience feature.

That's the the relative securities of the devices/login process as a whole over a generalized population. If a user has a strong password, then FaceID/Windows Hello becomes the weakest link, and then the relative strength of each does matter.

 

Although I would agree completely that it's really all about convenience. Personally, I don't care whether I have TouchID or FaceID so long as its quick, reliable, and convenient. Frankly, I couldn't even care if it had a false positive rate of 1:50 as long as it recognized me consistently and was able to tell me apart from my pocket.

[Cookybiscuit]

Only an idiot who wants the CIA to watch their event move doesn't cover up their front facing camera.

[vanished]

11 minutes ago, djdwosk97 said:

Although I would agree completely that it's really all about convenience. [...]

This raises another topic actually... which is better, face ID or touch ID, purely from a convenience standpoint?  I've never used either but I have to feel like touchID is the better option.  As Linus has always said, you can have the phone unlocked before it's even in front of your face, but, by definition, with faceID, you'll have to hold it up and wait, even if it is only a fraction of a second.

[79wjd]

8 minutes ago, Ryan_Vickers said:

This raises another topic actually... which is better, face ID or touch ID, purely from a convenience standpoint?  I've never used either but I have to feel like touchID is the better option.  As Linus has always said, you can have the phone unlocked before it's even in front of your face, but, by definition, with faceID, you'll have to hold it up and wait, even if it is only a fraction of a second.

That depends.....Assuming everything works as it should, I'd personally say TouchID embedded in the screen > FaceID > Standard TouchID >>> Rear TouchID (although in the case of ApplePay, I'd say TouchID in the screen > Touch ID > FaceID > Rear TouchID.

[LAwLz]

6 hours ago, DrMacintosh said:

The phone reset because it had restarted. FaceID was not disabled from trying to unlock with the wrong face too many times, it was disabled completely because it had just rebooted. 

Sorry but I will believe Apple above you.

 

From Yahoo Finance:

Quote

[UPDATE: Commenters have noted that the “passcode is required” message doesn’t have the same wording as the one that you see, on a Touch ID phone, after a restart. Instead, it resembles the message you see when someone has tried Touch ID unsuccessfully too many times. If Face ID uses the same scheme, we can’t know who had tried it unsuccessfully—stage crew? keynote team member?—but it’s safe to assume that it wasn’t Federighi. If he had tried and failed before the show, he certainly would have insisted on troubleshooting the phone after the first failure. In other words, something went wrong, but it wasn’t Face ID misbehaving.

Quote

FINAL UPDATE: Tonight, I was able to contact Apple. After examining the logs of the demo iPhone X, they now know exactly what went down. Turns out my first theory in this story was wrong—but my first UPDATE theory above was correct: “People were handling the device for stage demo ahead of time,” says a rep, “and didn’t realize Face ID was trying to authenticate their face. After failing a number of times, because they weren’t Craig, the iPhone did what it was designed to do, which was to require his passcode.” In other words, “Face ID worked as it was designed to.”

 

TL;DR: It failed because a bunch of other people had looked at the phone, which counted as failed authentications.

 

 

5 hours ago, DrMacintosh said:

Yes, I believe that passcodes are inherently flawed methods of security and many analysts would agree with me. 

No, they wouldn't. At least not any serious person working in cryptography.

 

5 hours ago, DrMacintosh said:

Passcodes are decent fallbacks to a more secure technology. 

1) FaceID is not inherently more secure. It is only more secure if you choose a crappy password, and even then iOS has protection against guessing passwords.

2) Like it has been pointed out to you several times already, security is only as strong as the weakest link. So the whole "fallback to a less secure method" is the completely wrong way to go about it, if you actually believe passwords are worse than FaceID (I think you only believe that because you have been listening to Apple too much).

If you truly believe that simple passwords are not secure, and that most people use simple passwords therefore they are not secure in general, then you must also believe that FaceID is not secure in general because it will ALWAYS be even less secure than the password alone is.

Just to repeat that: FaceID will always be less secure than the same password as the only login method.

 

 

4 hours ago, Bensemus said:

That's true. Although someone did link that short video of twins trying to fool MS and they all failed. I also haven't heard any crazy stories like when Samsung's iris scanner was fooled by a picture printed from a Samsung printer.

 

Once the phone releases there will be tons of people looking to fool it. I'm interested in seeing how successful they are.

I am fairly sure it wasn't the iris scanner that was fooled with a picture. I think that was the face unlock that was fooled.

[suicidalfranco]

1 hour ago, LAwLz said:

I am fairly sure it wasn't the iris scanner that was fooled with a picture. I think that was the face unlock that was fooled.

no, it was the iris scanner

 

https://www.bleepingcomputer.com/news/security/samsung-galaxy-s8-iris-scanner-fooled-by-a-photo/

[Doobeedoo]

Also their A11 SOC as well too. Tight chip development between teams with more time as well, focus just on one device, much larger slicon than Android chips, earlier 64bit cpu architecture introduction on mobile device. 

 

[DrMacintosh]

8 hours ago, LAwLz said:

No, they wouldn't. At least not any serious person working in cryptography

Literally every security analyst knows passcodes and passwords are terrible ways of authenticating who a person is.....

[DrMacintosh]

3 minutes ago, anthonyjc2010 said:

Then why does the fingerprint sensor work perfectly on my Nexus 6P? Could it be that I just had a faulty unit, or TouchID isn't as magical as people say?

TouchID is not magical, it simply does what it says it will do. 

 

Why yours use doesn’t work idk, but I haven’t heard of anyone that has had chronic issues with TouchID. 

 

Its possible you had a fault unit, that’s really the only thing that could explain it since the Nexus 6P does not have a better fingerprint array of sensors. 

[DrMacintosh]

8 hours ago, LAwLz said:

It failed because a bunch of other people had looked at the phone, which counted as failed authentications.

Even if that was true, even though it’s highly unlikely because of what Apple says is true it goes against the core behavior of iOS since the iPhone 5s.......so what? 

 

It worked as intended. 

 

What is more likely is that the phone was rebooted behind stage because they knew they were handling it and Craig was not there to unlock it. 

 

I just can’t belive Apple until I have the iPhone X on hand because that is not how iOS behaves. 

[D13H4RD]

And then next year, there'll be that one Android phone with the "same" tech.

 

Only that it's not implemented very well.

 

I'm not Apple's biggest fan, but you have to hand it to them. Usually, they implement their stuff very well. 

 

Still skeptical over FaceID's practical usefulness in the real-world, but I'm warming up to it if it really works as promised.

[Eduard the weeb]

like brought up a lot I don't like the idea of no touch Id and also if someone want to open my phone they just have to show my face which is weird when I am doing things if you know what I mean ( ͡° ͜ʖ ͡°) ( ͡° ͜ʖ ͡°) ( ͡° ͜ʖ ͡°). lol but seriously I think it werid that the camera can see me in the dark its cool but It may be a step down from touch Id which I value more. and also I don't really use emojis for texting but i don't know I am a Android user currently.

[mynameisjuan]

1 minute ago, DrMacintosh said:

Literally every security analyst knows passcodes and passwords are terrible ways of authenticating who a person is.....

Ok pal

 

Biometrics are very good at basic security. Compared to passwords, its complexity removes chances of the security being too vulnerable, like 123456 as a password. Its unique to every person and complex enough to not replicate easily but can be done.

 

Passwords are even better but the main downfall is the way a lot of people use them. A simple password of 8 characters can make cracking the password by brute force incredible time consuming and if symbols and numbers are added can make it even harder to crack and that is only with 8 characters. 

 

BOTH can be cracked either by brute force or duplicating a finger print. This is known. But compare to biometrics, passwords have the advantage of increasing security and in the event of it being cracked or stolen can be changed. Two thing biometrics will never have and is more a security flaw than passwords will ever be. Once your finger print or face is stolen what are you going to do? 

[Sniperfox47]

20 minutes ago, mynameisjuan said:

Once your finger print or face is stolen [who ya gonna call]? -fixed

Ghost Busters! :3

 

But no seriously @DrMacintosh you need to take a step back and think about this. I don't think any of us are saying the iPhone X or faceID is the devil, but it's not as flawless as you're making it out to be.

 

Apple messes stuff up. Bricking iPhones with an update if they have unpaired secure enclaves (a la when users replace the TouchID sensor)? iPhone 6 Touch disease? They're only humans like the rest of us. Acting like this system is foolproof, or in any way more secure than other existing options is only going to mislead others.

 

Apple makes pretty good hardware, and pretty good software, but that's all they are. Pretty good. They're not some Messiah of perfect hardware and "increadible" "amazing" "awesome" "innovation". Any system can be broken, faceID is just the new kid on the block, so the tools aren't in everybody's hands yet.

 

Until the device is actually in people's hands, and the security can be verified by some nonbiased hackers, we should be taking things with a healthy grain of skepticism.

[mynameisjuan]

12 minutes ago, Sniperfox47 said:

I don't think any of us are saying the iPhone X or faceID is the devil

Yeah thats not at all what we are saying. Until we can see how easy it is to fool we are just questioning how secure it is. Every security system has its flaws. 

[LAwLz]

2 hours ago, DrMacintosh said:

Literally every security analyst knows passcodes and passwords are terrible ways of authenticating who a person is.....

1) I want some names of security experts saying that passwords are terrible (when used properly, don't give me some bullshit like about how 12345 is a bad password).

2) I want you to post evidence that TouchID (or FaceID) with password as a fallback is more secure than just the password. It is legitimately mind blowing to me that you can believe that bullshit. It doesn't even begin to make logical sense.

3) Here is one person who disagrees with you. It took me 5 seconds to find on Google. This is a quote from a guy called Marc Rogers. Since you are so invested in security research I am sure you have heard of him. (he is the head of SecOps for DEF CON and the head of infosec at CloudFlare). Here is what he said after he successfully bypassed successfully bypassed TouchID:

Quote

TouchID is not a “strong” security control. It is a “convenient” security control. Today just over 50 percent of users have a PIN on their smartphones, and the number one reason people give for not using the PIN is that it’s inconvenient. TouchID is strong enough to protect users from casual or opportunistic attackers (with one concern I will cover later on) and it is substantially better than nothing.

 

 

 

 

2 hours ago, DrMacintosh said:

Even if that was true, even though it’s highly unlikely because of what Apple says is true it goes against the core behavior of iOS since the iPhone 5s.......so what? 

 

It worked as intended. 

 

What is more likely is that the phone was rebooted behind stage because they knew they were handling it and Craig was not there to unlock it. 

 

I just can’t belive Apple until I have the iPhone X on hand because that is not how iOS behaves. 

So even when Apple comes out and explains why something happened, you will defend them by saying they are lying and it isn't a flaw, it's a feature?

I even quoted the part of the article which explains that the wording is not the same as when you have restarted the phone. It's more similar to the wording of the message you get when you have made multiple failed authentication tries with TouchID.

According to that article, Apple and commenters on that article, it is exactly how iOS behaves.

It's how my Galaxy S7 works too. If you fail too many attempts you need to use a backup method such as a PIN.

[DrMacintosh]

33 minutes ago, LAwLz said:

If you fail too many attempts you need to use a backup method such as a PIN.

On iOS when you fail too many times it will say that “TouchID is disabled, enter your passcode to enable TouchID” 

 

the demo didn’t state that FaceID was disabled. 

[DrMacintosh]

35 minutes ago, LAwLz said:

I want you to post evidence that TouchID (or FaceID) with password as a fallback is more secure

If TouchID/FaceID were the only method of unlocking and iPhone it would be more secure than a passcode. Period. 

[79wjd]

12 minutes ago, DrMacintosh said:

On iOS when you fail too many times it will say that “TouchID is disabled, enter your passcode to enable TouchID” 

 

the demo didn’t state that FaceID was disabled. 

When you fail to authenticate with TouchID too many times it says: "your passcode is required to enable touchID", which is the message that appeared during the faceID demo.

Source: I literally just tested it myself.

10 minutes ago, DrMacintosh said:

If TouchID/FaceID were the only method of unlocking and iPhone it would be more secure than a passcode. Period. 

It would be more secure if you're using a terrible password that would be early in the list of passwords to guess.

[suicidalfranco]

23 minutes ago, DrMacintosh said:

On iOS when you fail too many times it will say that “TouchID is disabled, enter your passcode to enable TouchID” 

 

the demo didn’t state that FaceID was disabled. 

when the fanboysim is so high and hard that you start to call liar the company object of you fanboyism

Spoiler

AYYYYYYYYYYYYYYYYYYYY LMFAO

 

[mynameisjuan]

37 minutes ago, DrMacintosh said:

If TouchID/FaceID were the only method of unlocking and iPhone it would be more secure than a passcode. Period. 

You really are ignoring 90% of the post here about how you are wrong arnt you.

psssttt.....Your fanboi is showing....