Surely my face is more secure than a password? I’d set far more complex passwords if I knew I only needed it in the rarest of events!
Thoughts?
Surely my face is more secure than a password? I’d set far more complex passwords if I knew I only needed it in the rarest of events!
Thoughts?
Because sometimes Face ID doesn’t work and you need a fallback method to get to your data.
Your iPhone works in exactly the same way.
I know after a reboot it’s required. The thing about a face is that it can be involuntarily collected, whereas a password is more intentional.
There’s a list of situations where the FaceID is required:
A lot of those make sense, even if the timeouts are longer than what I would expect. It’s mostly about you being able to intentionally lock your device against intrusion, and providing a set of very relaxed defaults.
Consider the Emergency SOS one. You use your iPhone to, for example, call EMS because something is wrong. If it didn’t shut down FaceID, whoever showed up would be able to unlock your phone and comb through whatever data data you had on there while you were unconscious. Edge case? Definitely. Worth considering? Yes.
Additional to @webwalrus’ explanation: Apple Platform Security documentation provides the background –
The data protection keys used by biometrics are stored in the Secure Enclave after the device has been unlocked at boot time. If the device restarts, the keys are discarded by Secure Enclave, thus the passcode is needed in order to re-establish the keys in Secure Enclave so that biometrics can be used again.
More on unlocking devices and the role of the Secure Enclave here
Ah, that explains the “battery below 10%” thing - it must discard the key well before the power off, to make sure it happens.
It’s interesting to know that not only doesn’t it allow the unlock, but it actually can’t. Fascinating.
There’s not much to add to this except that I think it makes clear the idea that passwords (at least for encrypted devices) serve two very different functions that are often seen as the same thing.