What the Tech? Face ID security

(ABC 6 News) – If you own an iPhone you may use Face ID to unlock the phone, shop, and move money around using Apple Pay, Venmo, and your bank and credit card apps.

Face ID uses biometric data of the phone owner’s face and eyes and Apple has repeatedly stated that Face ID is more secure than the fingerprint scanner used by older iPhones. But there’s still a possibility that someone else can use Face ID on your phone.

Police in New York City say there’s been an increase in smartphone thefts in recent months. In most of the reported cases, the victim states someone snoops on them enters their phone’s passcode and then swipes the phone. Armed with the passcode the thief can find out where the victim lives, open their social media accounts, see all of their stored passwords, and could transfer money from the victim’s bank and credit card accounts to themselves. Unless the victim has Face ID required to use those apps.

Curious, I set out to test whether someone could add their biometric facial data to my phone without my knowledge using the iPhone’s “Alternate Face ID”. This feature is supposed to make it easier for the phone’s owner to unlock the phone using Face ID when they’re wearing sunglasses. I found it does not matter whether it’s the same face or not.

First, I tried it on my son’s iPhone 13. He unlocked the phone using his passcode and handed it to me. I went into settings and under “Set up alternate Face ID”, I rotated my head while looking into his camera. Once that was completed, I successfully unlocked his phone just by glancing at the screen. Granted, father and son look alike, so I asked my wife to add her photo as an alternate Face ID on my iPhone 13 Pro. The phone accepted her biometric data and she could then unlock the phone in an instant.

So what can you do to protect yourself and everything on your phone? Make sure Find My is turned on. Apple now requires someone to enter your Apple ID password to turn off Find My. You’ll be able to track the phone with another device, lock it, and even erase everything. But, if they go to turn off FindMy without the password, Apple will reset it using the phone’s passcode. You should already have a 6-digit passcode. If it’s only 4 numbers, you’re more at risk and you should change it in settings. It’s much easier for someone to memorize four numbers.

Apple also gives you the option to have an even more difficult alphanumeric passcode which is more like a password. Protect the passcode. Make it a habit to cover the screen whenever you enter the passcode and do not share it with anyone. It doesn’t matter if you change the passcode regularly, this is a crime of opportunity. Since police say this is happening primarily in bars, nightclubs, and other places people socialize, tell anyone who frequents those places.