FaceID is Brilliant Because It’s Subtraction Instead of Addition

The iPhone X

I think one of the best ways to think about the advancement that FaceID represents is to realize that it’s removing an action instead of adding one.

So the goal for mobile device security shouldn’t be just making security better, but also making it less visible and explicit.

FaceID is an upgrade not just because it’s more accurate than TouchID, or because it’s a faster way to authenticate—it’s an upgrade because you are basically removing the authentication step entirely.

A great way to visualize this point is to imagine a similar handheld device from a superior alien race. Assuming they needed such an interface or display at all, they would simply handle their device normally and it would still allow them to perform sensitive actions.

To an unfamiliar observer it might seem like no authentication took place, like one could just pick up any device and start taking sensitive actions on their behalf. But in reality all of that functionality had just been removed from the workflow and done automatically. It’s security made invisible and effortless.

That’s what FaceID is, and why it represents such an improvement: it adds security while removing friction.

That—even more than its accuracy or speed—is what makes it the future.

Notes

1. And before you say that Samsung did this a long time ago, keep in mind that it doesn’t count if you just add convenience but also remove security. That’s easy to do.

Related posts:

1. A Rudimentary Threat Model Framework for Password vs. TouchID vs. FaceID

2. FaceID Adds a Step for Apple Pay, and For Good Reason

3. The Real Internet of Things: Identity and Authentication

4. My Quick Thoughts on the iPhone X

5. Moving Application Authentication to the Operating System