Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

11/2/2017
01:50 PM
50%
50%

iPhone X Face ID a Facial Biometrics Catalyst?

Apple's new multi-factor authentication technology receives mixed reviews in separate surveys.

Apple's iPhone X is expected to arrive at Apple Stores on Friday, but some security professionals are uneasy about the trustworthiness of its new facial recognition feature.

Facial recognition biometrics has been around for decades but hasn't taken off. But Apple's Face ID in the iPhone X has the potential to spur adoption of facial biometric for multi-factor authentication in the enterprise, akin to how Apple'sTouch ID has spurred fingerprint biometrics in mobile device management systems, security experts say.

Employee adoption of new technology, however, often informs enterprise adoption, experts say.

Meanwhile, two new, separate surveys, show that the degree that end-users and security professionals trust Apple's Face ID is mixed. 

Face ID Faceoff

According to Bitglass's BYOD and Identity report released today - a survey of more than 200 IT and security professionals - 60% have reservations about Apple's Face ID. Top concerns among 40% of respondents include the accuracy of face detection, while 30% worry about its ability to prevent unauthorized access.

"Even though it works similar as Touch ID, everyone has concerns with the new technology," says Salim Hafid, Bitglass project manager. "I expect organizations that allow Touch ID will allow Face ID, but there will be a wait-and-see approach for a lot of organizations."

In addition to the Bitglass survey, other infosec experts in a Wired post recently questioned the security of Face ID. In September, Apple issued a whitepaper on its Face ID technology.

But a majority of end-users, or employees, expect Face ID to be effective for multifactor authentication of users. According to a Secret Double Octopus survey of 522 employees at midsized- to large enterprises, 81% of respondents expect Face ID to be trustworthy in its accuracy in facial recognition.

"We were extremely surprised by these results, since no users have yet tried the iPhone X and used Face ID," says Amit Rahav, vice president of marketing for Secret Double Octopus.

However, 73% of survey respondents say they would prefer the facial recognition feature over passwords in a work environment. That result is comparable to the 70% of respondents who say Face ID will be "extremely or very trustworthy," according to the survey.

Although Face ID may be viewed as viable for multifactor authentication, the National Institute of Standards and Technology (NIST) in its digital identity guidelines issued earlier this year noted biometrics, in general, should not be used for single authentication. "Biometrics, when employed as a single factor of authentication, do not constitute acceptable secrets for digital authentication — but they do have their place in the authentication of digital identities," the NIST guidelines said.

Mark Clifton, CEO of Princeton Identity, says some efforts are currently underway for incorporating facial recognition in an enterprise environment. "If you look at the past, Apple's Touch ID was a big boom for the biometrics industry," Clifton says. "You see a lot of enterprises and DHS [Department of Homeland Security] doing trials with facial recognition in airports, and of this nature."

Currently, fingerprints are the most popular form of biometric two-factor authentication, but facial recognition is growing fast, followed by iris-recognition, Clifton says. "These modalities will all move forward as consumer come forward and use them."

Ant Allan, a Gartner analyst, says he's skeptical of Face ID's impact on the use of biometrics for multifactor authentication in enterprises.

"I can say that the bottom line is, [Face ID] makes little difference from Touch ID," Allan says. "Whatever its inherent superiority, the lowest common denominator is still the device passcode, which remains as a way of unlocking your iPhone."

That said, however, Clifton says he has seen a change in the past year in the number of mobile users who rely on phone biometrics.

"At a conference I attended a year ago, there were 500 attendees, and when asked how many used the biometrics on their phone, maybe 30% to 40% raised their hand," Clifton recalls. "Now, at the sameconference a couple weeks agowhen asked the same question, 100% said they used it. I think phones have definitely been a catalyst."

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
NeilB915
50%
50%
NeilB915,
User Rank: Moderator
10/30/2018 | 1:26:25 AM
iPhone X Face ID a Facial Biometrics Catalyst
Glad to visit your Blog. Thanks for sharing the relevant information about the process to use iPhone X Face ID a Facial Biometrics Catalyst. The entire information that you shared about iPhone X is so informative. If you are interested to know more information about iPhone then i recommend you to read iPhone Error 1671 blog for more details.

 

SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19702
PUBLISHED: 2019-12-10
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML do...
CVE-2019-19703
PUBLISHED: 2019-12-10
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
CVE-2012-1577
PUBLISHED: 2019-12-10
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
CVE-2012-5620
PUBLISHED: 2019-12-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2013-1689
PUBLISHED: 2019-12-10
Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.