Mobile

11/2/2017
01:50 PM
50%
50%

iPhone X Face ID a Facial Biometrics Catalyst?

Apple's new multi-factor authentication technology receives mixed reviews in separate surveys.

Apple's iPhone X is expected to arrive at Apple Stores on Friday, but some security professionals are uneasy about the trustworthiness of its new facial recognition feature.

Facial recognition biometrics has been around for decades but hasn't taken off. But Apple's Face ID in the iPhone X has the potential to spur adoption of facial biometric for multi-factor authentication in the enterprise, akin to how Apple'sTouch ID has spurred fingerprint biometrics in mobile device management systems, security experts say.

Employee adoption of new technology, however, often informs enterprise adoption, experts say.

Meanwhile, two new, separate surveys, show that the degree that end-users and security professionals trust Apple's Face ID is mixed. 

Face ID Faceoff

According to Bitglass's BYOD and Identity report released today - a survey of more than 200 IT and security professionals - 60% have reservations about Apple's Face ID. Top concerns among 40% of respondents include the accuracy of face detection, while 30% worry about its ability to prevent unauthorized access.

"Even though it works similar as Touch ID, everyone has concerns with the new technology," says Salim Hafid, Bitglass project manager. "I expect organizations that allow Touch ID will allow Face ID, but there will be a wait-and-see approach for a lot of organizations."

In addition to the Bitglass survey, other infosec experts in a Wired post recently questioned the security of Face ID. In September, Apple issued a whitepaper on its Face ID technology.

But a majority of end-users, or employees, expect Face ID to be effective for multifactor authentication of users. According to a Secret Double Octopus survey of 522 employees at midsized- to large enterprises, 81% of respondents expect Face ID to be trustworthy in its accuracy in facial recognition.

"We were extremely surprised by these results, since no users have yet tried the iPhone X and used Face ID," says Amit Rahav, vice president of marketing for Secret Double Octopus.

However, 73% of survey respondents say they would prefer the facial recognition feature over passwords in a work environment. That result is comparable to the 70% of respondents who say Face ID will be "extremely or very trustworthy," according to the survey.

Although Face ID may be viewed as viable for multifactor authentication, the National Institute of Standards and Technology (NIST) in its digital identity guidelines issued earlier this year noted biometrics, in general, should not be used for single authentication. "Biometrics, when employed as a single factor of authentication, do not constitute acceptable secrets for digital authentication — but they do have their place in the authentication of digital identities," the NIST guidelines said.

Mark Clifton, CEO of Princeton Identity, says some efforts are currently underway for incorporating facial recognition in an enterprise environment. "If you look at the past, Apple's Touch ID was a big boom for the biometrics industry," Clifton says. "You see a lot of enterprises and DHS [Department of Homeland Security] doing trials with facial recognition in airports, and of this nature."

Currently, fingerprints are the most popular form of biometric two-factor authentication, but facial recognition is growing fast, followed by iris-recognition, Clifton says. "These modalities will all move forward as consumer come forward and use them."

Ant Allan, a Gartner analyst, says he's skeptical of Face ID's impact on the use of biometrics for multifactor authentication in enterprises.

"I can say that the bottom line is, [Face ID] makes little difference from Touch ID," Allan says. "Whatever its inherent superiority, the lowest common denominator is still the device passcode, which remains as a way of unlocking your iPhone."

That said, however, Clifton says he has seen a change in the past year in the number of mobile users who rely on phone biometrics.

"At a conference I attended a year ago, there were 500 attendees, and when asked how many used the biometrics on their phone, maybe 30% to 40% raised their hand," Clifton recalls. "Now, at the sameconference a couple weeks agowhen asked the same question, 100% said they used it. I think phones have definitely been a catalyst."

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NeilB915
50%
50%
NeilB915,
User Rank: Apprentice
10/30/2018 | 1:26:25 AM
iPhone X Face ID a Facial Biometrics Catalyst
Glad to visit your Blog. Thanks for sharing the relevant information about the process to use iPhone X Face ID a Facial Biometrics Catalyst. The entire information that you shared about iPhone X is so informative. If you are interested to know more information about iPhone then i recommend you to read iPhone Error 1671 blog for more details.

 

Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Jack Jones, Chairman, FAIR Institute,  12/11/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20136
PUBLISHED: 2018-12-13
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.
CVE-2018-20137
PUBLISHED: 2018-12-13
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.
CVE-2018-20138
PUBLISHED: 2018-12-13
PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541.
CVE-2018-1817
PUBLISHED: 2018-12-13
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021.
CVE-2018-1818
PUBLISHED: 2018-12-13
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022.