Ten years after kickstarting the mobile revolution with the original iPhone and four years since mainstreaming mobile fingerprint sensors with Touch ID, Apple has now begun to supplant fingerprint biometrics on mobile with facial recognition based on depth perception.

Debuting on iPhone X, Face ID is an advanced facial recognition system that uses vertical-cavity surface-emitting (VCSEL) laser diodes and machine learning. It can recognize your face out of a million other, letting you unlock your phone with just a look, approve Apple Pay transactions with your face, mimic your facial expressions on 3D emoji in real time and more.

Face ID will eventually roll out to all future iPhones and iPads while gaining additional features and introducing whole new use cases. Here’s everything you need to know about Face ID.

Setting up Face ID

To set up Face ID, venture into Settings → Passcode & Face ID. This is where you’ll enroll your face, manage the features Face ID will be used for and more.

To get started with Face ID, tap Enroll Face underneath the Face ID heading, then tap Get Started and follow onscreen instructions to complete enrollment. To help Face ID recognize the unique features of your face, position your face within the onscreen frame then gently move your head while looking at the screen to complete the circle.

That’s it, you can now use your face instead of your fingerprint to unlock the phone and more.

How to use Face ID

Seriously?

Just pick up your phone and it unlocks the instant you look at it. The padlock icon on the Lock screen animates to indicate the phone is unlocked, revealing notifications and messages.

To reach the Home screen, slide up from the bottom of the screen. You don’t need to hold the phone directly in front of your face: Face ID works even if the device is slightly off-axis.

We should point out that Face ID does not constantly scan its surroundings when the phone is asleep so, no, you cannot launch the Home screen by glance at it from across the room. In other words, you must be in the DepthCamera’s view and the phone must be awake in order for Face ID to kick into action.

Face ID also keeps the screen lit when you’re looking at it, which is useful when reading.

This is called Attention Awareness and can be disabled at will in the Accessibility section of the Settings app. Face ID will even lower the volume of an alarm or ringer after you wake up and look toward the device with your eyes open.

By default, Face ID refuses to unlock the phone if it doesn’t see your eyes.

You can turn this off in Accessibility settings but keep in mind that doing so shall lower your security because Face ID won’t be able to tell that your eyes are directly focused on the phone. For instance, someone could gain access to your device by scanning your face while you’re asleep or simply point the phone at your face to unlock it, even when you’re not paying attention.

To prevent this from happening, either leave this setting on or remember to do the following before nap time or leaving your phone unattended, even for a few minutes: simultaneously hold either of the volume buttons and the Side button, which will disable Face ID temporarily and require a passcode.

Face ID vs Touch ID

Touch ID is still a little bit faster than Face ID. Touch ID can be set to launch the Home screen as soon as you rest a finger on the sensor, but that’s about the only thing going for it.

TIP: don’t turn the Raise to Wake feature off when using Face ID.

While iPhone X lets you wake the display with a tap (they’re calling it Tap to Wake), you still must slide up to get to the Home screen. With Raise to Wake off, every phone unlock takes two gestures instead of one (tap to wake the display, then swipe up to launch the Home screen).

Where you can use Face ID

At launch, Face ID can be used for:

  • iPhone unlock—Unlock your phone with a glance
  • Auto-Lock—Keep the screen lit when reading
  • iTunes and App Store—Approve app and media purchases
  • Apple Pay—Check out with just a glance
  • Safari Autofill—Unlock saved Safari passwords for use on websites and in apps
  • Animoji—Animate emoji using your voice and facial expressions
  • Messages—Reveal messages when looking at the Lock screen
  • Notifications—Display protected notifications on the Lock screen
  • Alarms/ringers—Lower the alarm/ringer volume with a glance

Your favorite apps don’t need to be updated in order to take advantage of Face ID. Any app which already works with Touch ID (banking apps included) will automatically continue working with the new Face ID system, and vice versa, no update required.

The best thing about Face ID is that depth perception afforded by the new infrared sensors is not limited to facial scanning. For instance, Apple is already using its new TrueDepth camera system to animate emoji in real-time by mapping more than fifty facial muscle movements.

One could easily envision a future software update taking the TrueDepth system even further by bringing a range of other exciting user experiences to the mix.

How Face ID does its magic

Glad you asked…

Like Touch ID, Face ID “just works” but there are some prerequisites. Just like Touch ID doesn’t work reliably with wet, oily or dirty fingers, Face ID needs to see your eyes, nose and mouth to work properly.

Though scarves and other accessories that might obscure your face won’t throw it off, surgeons and people who wear a garment that covers their face (i.e. women in some Muslim countries are required to wear a niqab in public) will need to use the passcode instead, as per Apple.

Face ID takes advantage of a brand new TrueDepth camera system hidden in the cutout at the top of the Super Retina display. Every time you pick up your phone, an infrared transmitter illuminates your face using rays of infrared light invisible to the human eye.

Infrared light is commonly used for night vision, which lets Face ID see your face even in complete darkness. At this point, a dedicated infrared camera kick into action to capture a two-dimensional image of your face in the infrared light spectrum.

Another sensor sprays the unique geometry of your face with more than 30,000 invisible infrared dots. This is used for depth perception—the greater the distance, the bigger the dot.

For instance, a dot that lands on your nose has a smaller diameter than the one hitting your forehead or ear. An infrared camera picks up these microscopic differences in dot size, allowing the system to build a three-dimensional mesh of your face.

Next, the infrared image and the 3D dot pattern get pushed through neural networks powered by a dedicated hardware embedded into the A11 Bionic chip. This neural engine is a dual-core processor optimized for a specific set of machine learning algorithms.

Performing an astounding 600 billion calculations per second, it processes facial data in real-time to create a mathematical model of your face and feed it to a dedicated cryptographic coprocessor, called Secure Enclave. It then checks that mathematical model against the one that the system stored when you enrolled your face to see if there’s a match.

If there’s a match, the Secure Enclave unlocks your phone. If that sounds complicated, that’s because it is. There’s some immense technology behind Face ID that works in real-time, yet the user never sees these things going off.

From a user standpoint, Face ID “just works.”

How Face ID protects your facial information

Apple approaches faces the same way it treats fingerprints.

That should assuage concerns whether or not the Face ID technology is secure enough to become a viable replacement for Touch ID. If it’s good enough for the banks, it’s at least as secure as Touch ID.

Apple pegs the chance of someone unlocking your phone with their face at one in a million.

By contrast, a random fingerprint could dupe Touch ID with a success rate of one in 50,000. In other words, Face ID improves upon Touch ID twenty-fold though the statistics are lowered if a person shares a close genetic relationship with you.

So, how secure facial information on your phone is?

As mentioned, facial information is hashed before being passing on to the Secure Enclave to confirm a match. At the same time, the infrared image of your face along with the dot pattern are immediately discarded.

Embedded into the main A11 Bionic chip, the Secure Enclave itself is an extremely secure cryptographic coprocessor that’s resistant to even circuit-level analysis. Even if a hacker managed to break into the Secure Enclave, decrypt its memory and extract data, they would find it impossible to reconstruct your face from its mathematical representation.

The Secure Enclave uses its own encrypted memory and is walled off from the A10 Bionic chip and the rest of the system. As a result, all processing done on the Secure Enclave is safe from the prying eyes.

All the system received from the Secure Enclave is a confirmation of a match.

Furthermore, Face ID processing is done on-device and your facial information is safely encrypted in the Secure Enclave. Your face won’t leak to the Internet because the data is never sent to the cloud nor is it exposed to or accessible by apps or to the rest of the system.

You’re not required to use Face ID if you don’t want to. The good ol’ passcode (make it at least six digits) will protect and lock your sensitive information just as well as Face ID or Touch ID.

Face ID tidbits: spoofing, thieves & more

Here’s a quick overview of where Face ID does and doesn’t work:

  • Physical changes in appearance—Face ID uses neural networks that have been trained to detect physical changes in your appearance. It learns who you are and adapts as your face ages. Hairstyles, beards, makeup, hats, sunglasses, scarves and other accessories that might obscure your face are not enough to throw Face ID off.
  • Low-light environments—Face ID blasts your face with the invisible infrared light that’s commonly used for night vision, which lets Face ID pick up your face in poorly lit environments or even in complete darkness.
  • Multiple faces—Unlike with Touch ID, you can only enroll a single face with Face ID, at least initially (you do have only one face, don’t you?). To add a new face, you must remove the existing face in Settings.
  • Oblique angles—You don’t have to hold the phone in front of your face because Face ID works at fairly extreme angles. For instance, if the phone is in your lap Face ID can unlock it as long as the infrared camera can detect your space from eyes to mouth. If you’re using your phone across a natural series of angles, Face ID can unlock your phone at angles and distances you’d be at if you put it in front-facing camera mode.
  • Attention awareness—By default, unlocking with Face ID entails starring at the phone with your eyes open. This also reveals notifications and messages when looking at the Lock screen and keeps the screen lit when reading. If you do not want Face ID to require attention, go to Settings → General → Accessibility and disable Require Attention for Face ID. This will decrease your security because Face ID won’t be able to guarantee you’re focused on the phone.
  • Sunglasses—Face ID works with most, but not all sunglasses on the market. According to Apple’s Craig Federighi, most sunglasses let through infrared light that Face ID can see your eyes even when your shades appear to be opaque.
  • Thieves—If forced to hand over your phone during robbery, don’t stare at it and remember to discreetly hold the Side button and either of the volume buttons for a moment, which will temporarily disable Face ID (you can temporarily disable Touch ID using a similar trick).
  • Passcode—While a sleeping phone can be unlocked with Face ID, you must always enter your passcode at restart or after the phone has been shut off before using the feature. That’s because the Secure Enclave, where numerical representations of your facial map are stored encrypted, is inaccessible until after you enter the passcode.
  • Sharing—Because you can only registered one face per device, you’ll need to share a passcode with your loved ones or smile for the camera to give them access to your phone. TIP: disable the Erase Data option in Settings to prevent your kids from wiping your device clean after ten failed passcode attempts.
  • Photo spoofing—Not possible. Unlike facial unlocking on Samsung’s Galaxy S8 and Note 8 that can be easily beaten by a person’s photo, this won’t work with Face ID. Face ID uses depth perception to recreate your face in 3D, as well as machine learning, artificial intelligence and other tricks to confirm a match.
  • Face masks—Arya Stark wouldn’t be able to fool Face ID because Apple’s worked with Hollywood special effects artists to prevent spoofing by photos or masks.
  • Racial bias—Due to a lack diversity in databases, many consumer facial recognition systems are trained on mostly white faces. It remains to be seen if Face ID suffers from racial bias. For what it’s worth, Apple says it’s trained Face ID with more than a billion photographs of people’s faces, but we don’t know how racially diverse those faces are.
  • Face ID apps for kidsApple’s App Review Guidelines contain age-related provisions preventing developers from building apps for kids that ask them to authenticate their identity using Face ID. According to Apple’s guidelines, Face ID is strictly for users 13 and over.
  • Visually impaired users—Face ID requires that you give the phone your full attention, posing a major challenge to blind people who often keep their eyes closed. Thankfully, Apple designed Face ID with those uses in mind. Firstly, Attention Awareness can always be disabled in Settings. And secondly, visually impaired users are offered to enable VoiceOver before enrolling a face to be prompted as to how to move their head to complete a scan (enabling VoiceOver during initial set up automatically turns attention awareness off).
  • Third-party apps—Developers do not have access to data from the DepthCamera. While Apple provides APIs that expose a depth map captured by the rear camera on iPhone 7 Plus and iPhone 8 Plus, or the rear and selfie cameras on iPhone X, this is not raw sensor data, it’s depth information that can be used in ARKit apps or for photographic effects in apps such as the Snapchat face filters shown during the keynote.
  • Evil twins—Face ID cannot successfully stop your sibling from accessing your device’s contents. Those who have an identical twin (on average, about four in 1,000 births result in identical twins) will really need to protect their sensitive data with a passcode.

Like with Touch ID, your passcode is required to reenable Face ID in any of the following cases:

  • The phone has just been turned on or restarted
  • The phone hasn’t been unlocked for more than 48 hours
  • After five unsuccessful attempts to match a face
  • The passcode hasn’t been used to unlock the phone in the last six and a half days (156 hours) and Face ID hasn’t unlocked the phone in the last four hours
  • The phone has received a remote lock command
  • When enrolling a face with Face ID

According to Apple’s developer documentation, the Face ID authentication dialog contains a Cancel button, as well as a passcode fallback button which is initially hidden and shows up after first unsuccessful attempts.

Wrapping up

And that’s it, boys and girls.

This overview of Face ID will hopefully give you a better idea how Apple’s new biometrics work. In case you have any lingering doubts as to how secure the system is, or other related questions, feel free to share them with fellow readers by leaving your comments below.

  • Greg Warren

    I wonder what the rationale is to limiting it to only one face. My wife and I each have a fingerprint on each others’ phones so we can get in if need be. That limitation is somewhat annoying. Hopefully they’ll reconsider down the road.

    • ProllyWild

      Agreed^

    • One could easily envision them adding support for multiple faces, just like with Touch ID. I think they first want to ensure that the system is working as advertised before adding support for more faces. They probably don’t want to increase the error rate by potentially confusing the system with multiple faces, which could discourage people from using Face ID in the first place. Just my $0.02

      • askep3

        Also considering the complicated process it has to go through to identify one fac, it will probably increase the amount of time to unlock if you have two install.

        I’m also guessing it has something to do with it growing with you and changing with you. If the other person looks similar to you it could throw off the machine learning

      • No it won’t. Just like Touch ID, the mathematical model kept in the Secure Enclave is simply updated with each scan and gets better over time. Machine learning cannot be thrown off with a false match, it can only be improved because it learns from those mistakes. For instance, if I shave my “mountain man” beard one morning and Face ID didn’t recognize me, I’d put in my passcode and it’d learn from that and use it for future scans. I’m pretty sure they will implement the ability to add more faces after they collect some real-world usage logs and see how the system perform in real-life scenarios.

    • Jamessmooth

      EXACTLY my thought when I read that part. Phone should be more than capable of more than one face. Need a reason to upgrade to iPhone XI, I guess…

    • Anonymouse

      If you know the passcode you can unlock

  • Tony Trenkle Jr.

    so uh if that racial thing happens that wont be good…cant wait for the “Apple is racist” posts. Although im sure this was thought of. They wouldnt put this on their phone if it could only recognize white people…

    • Steve Harold

      Already racist Muslim women

      • Tony Trenkle Jr.

        Huh?

      • Steve Harold

        In Muslim countries women can’t show their face in public and have to wear the towel over their face. Maybe Apple can advocate for women’s rights in these countries in order to accommodate

      • Tony Trenkle Jr.

        Yeah I know that, I’m talking about the technology not being able to recognize, say black or Asians. THAT would be a problem.

      • Steve Harold

        Yeah there shouldn’t be any limitations with that unless the sensors don’t act well to dark colors. Should be okay though as it used IR technology. It would be harder if it was purely a camera sensor as it would be easier to detect lighter skin in dark, and lighter skin and lighter skin has more contrast.

      • bashir
      • It also must be able to read their nose and mouth to work.

      • In those cases, they will have to use the passcode instead.

      • bashir

        What those it mean ?

      • Steve Harold

        In Muslim countries women can’t show their face in public and have to wear the towel over their face. Maybe Apple can advocate for women’s rights in these countries in order to accommodate.

      • ciscog1234

        It’s not a towel.

      • It’s called a niqab 😀

    • askep3

      I doubt that unless they are actually racist, there will actually be this issue. I mean in the past there have been more white faces in databases, and that’s what facial recognition was trained off of, but in this case Apple had to go and actually test the TrueDepth system on people themselves, since it doesn’t just use the camera. They probably split it equally among age, race, and gender

  • nonchalont

    Can’t wait to see what the JB community can do with Face ID.

    • Smegmatron

      What JB community dude? JB is dead

  • askep3

    “Face ID will work even if the device is held flat downwards.”

    So while laying flat on a table? Has this been confirmed? Maybe it just means it can be right blow your chin, but not on front of you on a table

    • TechnoBuff

      You are spot on with my concern raised a few days ago on this forum.
      There are numerous times people tend to unlock their phone with TOUCHID without looking at it directly just to glance peripherally at some apps, which i do often on a daily basis.
      If it requires the infrared camera to map your face somehow.. how does that even work when the phone is flat on a surface? also considering that the camera is not 180%.
      That is why an actual review is necessary… i fear this new feature will not be as easy to use as TouchID.

      • askep3

        Im guessing since it isn’t a camera it isn’t as limited in how large of an area it can scan. 180 degrees would be amazing but I doubt it would be feasible. If it can be used while set on a table that would be perfect, and maybe they thought of that

    • Here’s what Craig Federighi had to say about the kind of angles and distances you can be at in relation to your iPhone:

      “It’s quite similar to the ranges you’d be at if you put your phone in front-facing camera mode to take a picture. Once your space from eyes to mouth come into view that would be the matching range — it can work at fairly extreme angles — if it’s down low because your phone is in your lap it can unlock it as long as it can see those features. Basically, If you’re using your phone across a natural series of angles it can unlock it.

      More here http://www.idownloadblog.com/2017/09/15/craig-federighi-interview-face-id/

      • askep3

        Ok so if you are holding the phone there will never be an issue, since you will always be pointing it at yourself to actually see the screen anyways. If it’s set on a table , it will have to be set under your head, not to the side somewhere

  • Konix

    Curious, can Face ID be completely disabled, for unlocking the phone at least? I’ve never used a passcode or Touch ID for unlocking on any of my phones.

    • Yes, in Settings → Passcode & Face ID. Simply disable iPhone Unlock under the Use Face ID For heading and that’s it. Again, just like with Touch ID.

  • kaliente

    Sleeping part makes no sense. How you can unlock your phone sleeping if you have eyes closed? It’s not even possible while unconscious

    • Christopher

      It’s so that someone else can’t grab your phone and scan your face while you’re sleeping.

      • kaliente

        No, he cant. FaceID works only when you look at the phone.

      • Christopher

        That’s what I’m saying.

      • kaliente

        Yep, sorry I have missed “can’t” 😉

      • Christopher

        No worries

      • I know what you mean, but if you disable Attention Awareness in Accessibility settings that will prevent Face ID from requiring that your eyes be open when scanning. In which case anyone could grab your phone and scan your face while you were sleeping to gain access. But there’s a workaround for that, too. Before hitting the bed, remember to hold either of the volume buttons and the Side button simultaneously for a moment of two. This will disable Face ID immediately and require a passcode to reenable it.

      • kaliente

        If someone disables this on demand, then we cant consider it as FaceID flaw. We can disable passcode at all, and this would be risk user takes 😉

  • Roi Keren

    At my work place, camera is software disabled for security reasons (with mdm policy). Will face ID work if camera is disabled?

    • I’m guessing disabling Camera access using Parental Controls would have no bearing on Face ID because it doesn’t use the RGB camera at all.