The Biometrics Debate: Why I'm Keeping Face ID (And You Might Want To As Well)
I’ve been following an interesting thread on privacy forums lately about Face ID and biometric authentication. The consensus from the privacy-conscious crowd seems to be: ditch Face ID immediately, it’s a security nightmare. But here’s the thing – after reading through dozens of comments and thinking about my own usage patterns, I reckon most of this advice is actually making people less secure, not more.
The argument goes like this: law enforcement can compel you to unlock your phone with your face, but they can’t force you to reveal your password. Partly true. In the US, courts have tended to treat a memorised passcode as testimonial and protected by the Fifth Amendment, while a face or fingerprint is often treated as physical evidence, though the case law is still split. In Australia and the UK there are statutory powers to order you to hand over access to a device, with criminal penalties for refusing. Either way, this laser focus on one specific threat scenario completely ignores the far more common risks most of us face every single day.
Let’s be honest about how humans actually behave. When I see someone advocate for ditching biometrics entirely, I wonder what they think the average person will replace it with. A 20-character alphanumeric password with special characters? Maybe if you’re a security researcher or someone with genuine state-level threats to worry about. For the rest of us? We’re talking a four- or six-digit PIN that we’ll probably reuse on multiple devices, because we’re trying to balance security with actually being able to use our phones without losing our minds.
Someone in the discussion made a brilliant point that really resonated with me: biometrics with a strong backup password is vastly superior to a weak password used alone. I’ve configured my iPhone with a 12-digit passcode – not quite Fort Knox, but strong enough that brute-forcing it would take an absurdly long time thanks to the Secure Enclave chip. But do I want to type that in every time I check my phone? Absolutely not. That’s where Face ID comes in.
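To put numbers on “absurdly long”, here is a small Python model, added for this post and not the author’s or Apple’s code, of what the Secure Enclave’s per-attempt cost and lockout schedule do to a brute-force search across passcode lengths. The figures come from Apple’s Platform Security guide: the passcode-derived key is tangled with a device-unique key inside the Secure Enclave, the derivation is calibrated to take about 80 ms per attempt, and the on-device lockout inserts escalating delays from the fifth failed attempt. Treating 80 ms as a floor for an attacker who somehow bypasses the lockout, and leaving “Erase Data” switched off, are assumptions of the model; the set of policies compared is constructed for illustration.

```python
"""Rough cost model for guessing an iOS passcode (constructed example).

Figures are taken from Apple's Platform Security guide: the passcode-derived
key is tangled with the Secure Enclave's device-unique key and the derivation
is calibrated to take about 80 ms per attempt; the on-device lockout adds
escalating delays after repeated failures. Treating 80 ms as a hard floor even
for an attacker who bypasses the lockout is an assumption of this model.
"""

SECONDS_PER_ATTEMPT = 0.08          # Secure Enclave key-derivation floor

# Escalating on-device delays, in seconds, keyed by failed-attempt number
# (attempts 1-4: none). Every attempt after the 9th waits another hour,
# assuming "Erase Data" after 10 failures is switched off.
LOCKOUT_DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}
STEADY_STATE_DELAY = 3600

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passcodes for a given alphabet and length."""
    return alphabet_size ** length


def raw_search_seconds(space: int) -> float:
    """Time to exhaust the keyspace at the 80 ms floor with no lockout."""
    return space * SECONDS_PER_ATTEMPT


def throttled_search_seconds(space: int) -> float:
    """Time to exhaust the keyspace through the on-device lockout schedule."""
    total = raw_search_seconds(space)
    total += sum(delay for attempt, delay in LOCKOUT_DELAYS.items()
                 if space >= attempt)
    if space > 9:
        total += (space - 9) * STEADY_STATE_DELAY
    return total


def online_guess_probability(space: int, attempts: int = 10) -> float:
    """Chance of success for an attacker limited to a handful of guesses,
    e.g. with "Erase Data" on after 10 failures. Note that a thief who
    watched you type the PIN needs exactly one attempt; no lockout helps."""
    return min(1.0, attempts / space)


def humanize(seconds: float) -> str:
    """Express a duration in the largest convenient unit."""
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400 * 2:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.1f} years"


# Constructed policies to compare. The 12-digit entry matches the post; the
# 6-character lowercase+digit case is the one Apple's guide quotes as taking
# "more than five and a half years".
POLICIES = {
    "4-digit PIN": (10, 4),
    "6-digit PIN": (10, 6),
    "6 chars, a-z0-9": (36, 6),
    "12-digit PIN": (10, 12),
    "10 chars, full keyboard (~95)": (95, 10),
}


def compare(policies=POLICIES) -> dict:
    """Return {label: (keyspace, raw_seconds, throttled_seconds)}."""
    result = {}
    for label, (alphabet, length) in policies.items():
        space = keyspace(alphabet, length)
        result[label] = (space, raw_search_seconds(space),
                         throttled_search_seconds(space))
    return result


if __name__ == "__main__":
    for label, (space, raw, throttled) in compare().items():
        print(f"{label:30} {space:>22,d}  no lockout: {humanize(raw):>16}  "
              f"lockout: {humanize(throttled):>16}  "
              f"10 guesses: {online_guess_probability(space):.1e}")
```

Running it shows the shape of the trade-off: a 4-digit PIN falls in about 13 minutes at the hardware floor and a 6-digit PIN in under a day, while 12 digits is a couple of thousand years even with the lockout bypassed. It also shows what the lockout cannot fix: an attacker who already watched you type the PIN needs one guess, which is exactly the shoulder-surfing case this post is about.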
The beauty of modern biometric systems is that they’re not the simple photo-matching systems people imagine. Face ID uses the TrueDepth camera, which projects an infrared dot pattern and reads it back with an infrared camera to build a depth map of your face (not lidar; that’s the rear-camera sensor on the Pro models), and by default it requires you to be looking at the device with your eyes open. A photo won’t work. It is designed to reject masks too, though that is a claim of resistance rather than a guarantee. Apple is explicit that the false-match rate is higher for identical twins, look-alike siblings and children under 13, and recommends a passcode if that worries you. The biometric data isn’t stored as an image either: it’s a mathematical representation of the depth map, encrypted with a key available only to the Secure Enclave, and it never leaves the device or goes into a backup. Even if someone extracted that blob, which is already very hard, it would be useless on any other device.
What really gets me is the shoulder-surfing risk that nobody talks about enough. I was grabbing a batch brew at a café in Fitzroy the other week, standing in line, and I could see the PIN of the person in front of me without even trying. They had no idea. Surveillance cameras, particularly the high-resolution ones being deployed everywhere, can easily capture you entering your passcode, and recovering a tap sequence from video is a well-studied attack. Your face is already captured constantly; at least Face ID means that’s not enough to access your device.
The “law enforcement can make you unlock with Face ID” argument also weakens when you understand how quickly you can disable it. Hold the side button and either volume button until the power-off sliders appear and Face ID is off until the passcode is entered; you don’t even need to power down. Five rapid presses of the side button is often quoted too, but on a Face ID iPhone that shortcut belongs to Emergency SOS and, depending on your settings, starts a countdown to call emergency services, so check what yours does before you rely on it. Failing that, look away or close your eyes: with Require Attention on, which is the default, Face ID won’t match unless you’re looking at the device, and after five failed matches the phone demands the passcode anyway. A restart, or 48 hours without an unlock, forces the passcode as well. Try forcing someone to both look at a phone AND keep their eyes open; it’s harder than it sounds.
I’m not saying there aren’t scenarios where biometrics are the wrong choice. If you’re a journalist working in an authoritarian regime, an activist likely to be detained, or someone who regularly crosses borders where device searches are common, then yes, you probably want a different setup. Maybe just a strong alphanumeric password, or maybe no phone at all in those situations. But for most of us? The daily risk of someone shoulder-surfing our PIN or our phone being stolen while unlocked vastly outweighs the risk of being compelled to Face ID unlock by authorities.
The threat model matters enormously here. I’m a middle-aged IT worker in Melbourne. My biggest realistic threat isn’t ASIO demanding access to my phone (though I appreciate they probably could if they really wanted). It’s my phone being stolen on the tram, or someone looking over my shoulder at Flinders Street Station, or leaving my device on a table at a pub while I go to the bathroom. For those scenarios, Face ID with a strong backup password is objectively better than a weak PIN I type in twenty times a day.
There’s also the accessibility angle that often gets ignored in these discussions. Not everyone has the dexterity or vision to reliably enter complex passwords on a small touchscreen. Biometrics can be genuinely empowering for people with certain disabilities. Dismissing them entirely as “security theatre” ignores real human needs.
What frustrates me about the absolutist “never use biometrics” position is that it’s security advice divorced from reality. Yes, biometrics aren’t perfect. Yes, there are specific scenarios where they’re inappropriate. But telling everyone to abandon them entirely, without acknowledging the trade-offs, just pushes people toward weaker overall security through passwords they can’t realistically manage.
The real answer, boring as it might be, is: use biometrics with a strong backup password, understand how to quickly disable biometrics when needed, turn on the protections that stop a snooped passcode from being enough on its own (on iOS that’s Stolen Device Protection, which requires Face ID rather than the passcode for things like changing the Apple ID password when you’re away from familiar locations), and adjust your security posture based on your actual threat model, not a theoretical worst-case scenario that’s unlikely to affect you. Security isn’t one-size-fits-all, and pretending it is just makes us all less safe.
Right, I’m off to make sure my daughter hasn’t somehow disabled all the security on her phone again. Teenagers and security hygiene – now there’s a real challenge.