
Quoted bullet points FTA:

- If you haven’t used Face ID in 48 hours, or if you’ve just rebooted, it will ask for a passcode.

- If there are 5 failed attempts to Face ID, it will default back to passcode. (Federighi has confirmed that this is what happened in the demo onstage when he was asked for a passcode — it tried to read the people setting the phones up on the podium.)

- Developers do not have access to raw sensor data from the Face ID array. Instead, they’re given a depth map they can use for applications like the Snap face filters shown onstage. This can also be used in ARKit applications.

- You’ll also get a passcode request if you haven’t unlocked the phone using a passcode or at all in 6.5 days and if Face ID hasn’t unlocked it in 4 hours.

Lots of people in the threads here yesterday seemed to misunderstand how these things are implemented. Importantly, you cannot set up FaceID without first setting up a password (biometrics are a carrot for getting users to set up passwords, not intended to subsume passwords), and you'll still be prompted for a passcode around once a week so you won't go forgetting it.




> it tried to read the people setting the phones up on the podium.

This sounds annoying. With Touch ID, unlocking the phone is a deliberate action. With Face ID, it sounds less predictable.


Well, I imagine people setting up the podium were taking good long looks at the phone, but I see your point.


I agree. The guy who is stealing the phone basically has to show it to the owner's face before running away with the device.


AFAIK you need to be actively looking at the screen and touch the screen for it to unlock.

Simply glancing at the phone sitting on your desk will not cause it to unlock, as far as I can tell.

There's speculation that the demo failure was because they had staff clean/handle the devices before the demo - i.e., they both looked at the device and touched the screen. Of course, lots of uncertainty around this particular botched demo.


> - If there are 5 failed attempts to Face ID…

This is what the article says, but it's also been reported to take just 2 failures with Face ID before requiring a passcode (as opposed to 5 with Touch ID). I can't remember now if that was said by Apple directly on Tuesday, but I've seen the "2" figure reported several places, so I'm not certain which is right.

EDIT: It's apparently been clarified to be 5 on both Touch ID and Face ID — https://developer.apple.com/documentation/localauthenticatio...


Maybe it's user-settable.

I think this is the case for how many times a passcode can be entered before the phone is wiped.


No, that number is fixed at 10, with increasing intervals of time required between each attempt.

After 10 attempts, the phone is disabled until a restore, with the user-settable option of erasing the phone in this case.


But it's pretty simple to convert a depth map to a mesh, so I'm not sure how this offers protection. Perhaps the depth maps the developers are given are decently low-res?


Protection from what? You’re willingly pointing a 3D camera at your face and giving a 3rd party permission to use the data. What exactly are you seeking protection from?


Protection from an app developer reading the raw sensor data and unlocking Face ID without you being present.


How? They can't access the secure enclave. If they make a fake 3D mask out of the map identical to your face, it's not going to work either, they've tested that.

This isn't Samsung dumping underbaked technologies on the world. Apple actually puts some thought into these things.


Sure, we know that. Consumers don't know that. Hence the marketing line about developers not having access to the "raw Face ID sensor data".


I think the concern is more around privacy of the face data: Apple says they don't store it on their servers or track it, but how good a model of your face can they get from the depth map they get?

E.g., would Snapchat or Facebook now be able to pull a 3d model of the face of all their iPhone X users into their own servers?


What is the specific attack vector you're concerned about? How do you imagine one would weaponize the depth map?


The 4 hour rule sounds VERY annoying. It means for example I'll be forced to type my passcode after waking up. So many years of Touch ID will make such a burden UNBEARABLE.


I think that's a misinterpretation. Here is the full quote:

> You’ll also get a passcode request if you haven’t unlocked the phone using a passcode or at all in 6.5 days and if Face ID hasn’t unlocked it in 4 hours.

You already need a password if you haven't used TouchID in 48 hours.

This rule seems to exist to make sure you have to enter your password after about a week if by then you go over 4 hours without using FaceID.

You don't need to use a password any time you go more than 4 hours. I agree that would be insane and would be much stricter than what they apply to TouchID (which they say is less secure).

EDIT: I notice the GP's comment seems to have been edited since the time you posted yours.


I copied the text directly from the article, unedited; it really is just worded poorly (I did the same double-take).


I remember thinking that when I read the article (I totally agree), but I thought you had summarized it earlier instead of a literal copy.

Sorry.


The 6.5 days plus 4 hours rule is the exact same rule we've had with TouchID all along. Nothing changed in that respect.


Once a week. It must be 6.5 days with FaceID-only unlocks AND 4 hours without FaceID unlock.


That's not the way I understand it. I read it as "you'll need the pass if you haven't unlocked with touch id in 6.5 days AND you'll need the pass if you haven't unlocked with face id in 4 hours"


This interpretation is very unlikely, given that it would be redundant with the first bullet point: "If you haven’t used Face ID in 48 hours [...] it will ask for a passcode".

Assuming that Apple engineers aren't stupid, the correct interpretation is "we want people to enter their passwords at least once a week so they don't forget them, but we also don't want to bother them if they're in the middle of something". So yes, once a week, you will be forced to type your password upon waking up.


I read it as "you need to enter your password if you haven't used your phone in a week, but if you use your phone every day, you only have to enter your password after each reboot"


Absolutely unbearable. Borderline inhumane!


It's clearly a typo in the article. It's 48 hours without unlocking with Face ID.


That part was worded in a bit of a clumsy manner I think. It is in combination with not entering the passcode in X many days, as it already is with Touch ID (You may have already experienced this occasionally - waking up and randomly needing to enter your passcode instead of being able to use Touch ID).


This is the same as Touch ID with the exception of the 4 hour rule and that you cannot get any data from the fingerprint sensor at all directly.


Touch ID had the same 4 hour rule. Note that the 4 hours time limit only comes into play if it's been 6.5 days since you last used your passcode. The full rule ensures that you need your passcode approximately once a week, and the 4 hour thing basically just means you won't be surprised with a passcode request 5 minutes after you successfully unlocked it with your face.
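
The fallback rules quoted in this thread, with the combined 6.5 day / 4 hour reading from the last comment set against the stricter "4 hours alone" reading raised earlier, as an added Python sketch that is not part of the thread and not Apple's code. `DeviceState`, `passcode_reasons` and the scenario values are hypothetical; the thresholds are the ones quoted above.

```python
from dataclasses import dataclass
from datetime import timedelta as td

# Thresholds exactly as quoted in the thread's bullet points.
BIOMETRIC_IDLE = td(hours=48)    # no Face ID / Touch ID unlock for this long
MAX_FAILED = 5                   # failed match attempts before fallback
PASSCODE_AGE = td(days=6.5)      # time since the passcode was last entered
BIOMETRIC_GAP = td(hours=4)      # time since the last biometric unlock

@dataclass
class DeviceState:               # hypothetical model, not an Apple API
    since_passcode: td
    since_biometric: td
    failed_matches: int = 0
    just_rebooted: bool = False

def passcode_reasons(s: DeviceState, four_hours_alone: bool = False) -> list:
    """Return the rules forcing a passcode; an empty list means biometrics suffice.

    four_hours_alone=True models the disputed reading in which 4 hours
    without a biometric unlock is enough by itself.
    """
    reasons = []
    if s.just_rebooted:
        reasons.append("reboot")
    if s.failed_matches >= MAX_FAILED:
        reasons.append("failed_matches")
    if s.since_biometric >= BIOMETRIC_IDLE:
        reasons.append("biometric_idle_48h")
    gap = s.since_biometric >= BIOMETRIC_GAP
    if gap and (four_hours_alone or s.since_passcode >= PASSCODE_AGE):
        reasons.append("weekly_passcode")
    return reasons

# Constructed scenarios, not measurements from a real device.
OVERNIGHT = DeviceState(since_passcode=td(days=2), since_biometric=td(hours=8))
WEEK_OLD_MORNING = DeviceState(since_passcode=td(days=7), since_biometric=td(hours=8))
WEEK_OLD_ACTIVE = DeviceState(since_passcode=td(days=7), since_biometric=td(minutes=5))

if __name__ == "__main__":
    for name, st in [("overnight", OVERNIGHT), ("week-old, morning", WEEK_OLD_MORNING),
                     ("week-old, in use", WEEK_OLD_ACTIVE)]:
        print(name, passcode_reasons(st), passcode_reasons(st, four_hours_alone=True))
```

Under the combined reading an ordinary night's sleep triggers nothing; only the stricter reading would prompt every morning.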



