
It's a little different, I think.

You could have it set up where your face is the one-and-only thing that identifies you, but that doesn't seem to be the case in practice.

Instead, we have the multipart authentication used in many places today: something you know (password), something you are (biometric fingerprint/face), and something you have (your physical device, your email account, your phone number).

Any one of these has downsides (stolen password, biometric misidentification or duplication, redirected phone number) but in combination with the others makes it much harder to circumvent authentication.

Almost all systems have some kind of fallback that relies on a 'something you know' like a master password, and can optionally only be changed if you have other authentication methods (like physically having the device in your hands).

Having multipart authentication allows for a better user experience (look at your phone and it unlocks) with an acceptable amount of risk (you have to have your phone and be you in order to unlock it), with systems to fall back to if something fails (get the super secret password off that slip of paper you hid in your mother-in-law's garden shed behind the loose brick in the wall). The typical authentication flows are both more secure and more convenient, and the user is responsible for the security of the backup.



