Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

11/2/2017
01:50 PM
50%
50%

iPhone X Face ID a Facial Biometrics Catalyst?

Apple's new multi-factor authentication technology receives mixed reviews in separate surveys.

Apple's iPhone X is expected to arrive at Apple Stores on Friday, but some security professionals are uneasy about the trustworthiness of its new facial recognition feature.

Facial recognition biometrics has been around for decades but hasn't taken off. But Apple's Face ID in the iPhone X has the potential to spur adoption of facial biometric for multi-factor authentication in the enterprise, akin to how Apple'sTouch ID has spurred fingerprint biometrics in mobile device management systems, security experts say.

Employee adoption of new technology, however, often informs enterprise adoption, experts say.

Meanwhile, two new, separate surveys, show that the degree that end-users and security professionals trust Apple's Face ID is mixed. 

Face ID Faceoff

According to Bitglass's BYOD and Identity report released today - a survey of more than 200 IT and security professionals - 60% have reservations about Apple's Face ID. Top concerns among 40% of respondents include the accuracy of face detection, while 30% worry about its ability to prevent unauthorized access.

"Even though it works similar as Touch ID, everyone has concerns with the new technology," says Salim Hafid, Bitglass project manager. "I expect organizations that allow Touch ID will allow Face ID, but there will be a wait-and-see approach for a lot of organizations."

In addition to the Bitglass survey, other infosec experts in a Wired post recently questioned the security of Face ID. In September, Apple issued a whitepaper on its Face ID technology.

But a majority of end-users, or employees, expect Face ID to be effective for multifactor authentication of users. According to a Secret Double Octopus survey of 522 employees at midsized- to large enterprises, 81% of respondents expect Face ID to be trustworthy in its accuracy in facial recognition.

"We were extremely surprised by these results, since no users have yet tried the iPhone X and used Face ID," says Amit Rahav, vice president of marketing for Secret Double Octopus.

However, 73% of survey respondents say they would prefer the facial recognition feature over passwords in a work environment. That result is comparable to the 70% of respondents who say Face ID will be "extremely or very trustworthy," according to the survey.

Although Face ID may be viewed as viable for multifactor authentication, the National Institute of Standards and Technology (NIST) in its digital identity guidelines issued earlier this year noted biometrics, in general, should not be used for single authentication. "Biometrics, when employed as a single factor of authentication, do not constitute acceptable secrets for digital authentication — but they do have their place in the authentication of digital identities," the NIST guidelines said.

Mark Clifton, CEO of Princeton Identity, says some efforts are currently underway for incorporating facial recognition in an enterprise environment. "If you look at the past, Apple's Touch ID was a big boom for the biometrics industry," Clifton says. "You see a lot of enterprises and DHS [Department of Homeland Security] doing trials with facial recognition in airports, and of this nature."

Currently, fingerprints are the most popular form of biometric two-factor authentication, but facial recognition is growing fast, followed by iris-recognition, Clifton says. "These modalities will all move forward as consumer come forward and use them."

Ant Allan, a Gartner analyst, says he's skeptical of Face ID's impact on the use of biometrics for multifactor authentication in enterprises.

"I can say that the bottom line is, [Face ID] makes little difference from Touch ID," Allan says. "Whatever its inherent superiority, the lowest common denominator is still the device passcode, which remains as a way of unlocking your iPhone."

That said, however, Clifton says he has seen a change in the past year in the number of mobile users who rely on phone biometrics.

"At a conference I attended a year ago, there were 500 attendees, and when asked how many used the biometrics on their phone, maybe 30% to 40% raised their hand," Clifton recalls. "Now, at the sameconference a couple weeks agowhen asked the same question, 100% said they used it. I think phones have definitely been a catalyst."

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NeilB915
50%
50%
NeilB915,
User Rank: Moderator
10/30/2018 | 1:26:25 AM
iPhone X Face ID a Facial Biometrics Catalyst
Glad to visit your Blog. Thanks for sharing the relevant information about the process to use iPhone X Face ID a Facial Biometrics Catalyst. The entire information that you shared about iPhone X is so informative. If you are interested to know more information about iPhone then i recommend you to read iPhone Error 1671 blog for more details.

 

COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16168
PUBLISHED: 2020-08-07
Temi firmware 20190419.165201 does not properly verify that the source of data or communication is valid, aka an Origin Validation Error.
CVE-2020-8025
PUBLISHED: 2020-08-07
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the p...
CVE-2020-8026
PUBLISHED: 2020-08-07
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior...
CVE-2020-16219
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16221
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.