Why using facial recognition on your phone could leave you vulnerable

Biometric authentication—the ability to unlock your devices by using just your face or fingerprint—is one of the few smartphone features that, even today, leave me feeling like we’re living in the future. When I was a kid, technology like facial recognition was limited to science fiction. But as cool and useful as biometric authentication is, the technology can also leave us vulnerable. Here’s why—and how to protect yourself.

It’s not just journalists and activists who can have their biometrics used against them

Last month, journalists got a stark reminder that their biometrics might not keep the data they have on their devices safe from law enforcement searches. While the Fourth Amendment usually protects an individual from having to turn over a PIN code or password for a device, courts have generally ruled that the same protection doesn’t apply to biometrics.

This means that in some cases, authorities can compel you to unlock your phone with your fingerprint or facial scan. It’s why many press freedom and civil liberty organizations have long advised journalists and activists to disable biometric authentication like facial recognition on their devices and return to requiring a passcode to unlock them.

But it’s not only journalists and activists who have to worry about their phones’ biometrics making them—and their data—vulnerable. A phone’s most convenient identity verification feature can leave any one of us exposed. There have been reports of people unlocking their partners’ phones using their biometrics while they were sleeping, as well as reports of criminal gangs forcing victims to unlock their phones with their biometrics to steal cryptocurrencies.

Of course, sometimes forced biometric unlocks are less nefarious. I’ve heard parents complain that their children have unlocked their phones by holding the device up to their face, or with a touch of their fingerprint, while they were sleeping, in order to disable software that restricts the internet in their house after certain hours.

If someone wants to gain access to your phone, and you happen to be physically available (unknowingly or not), all the person needs is access to your face or finger to do so.

Giving up convenience for more security

While biometric authentication is one of the most convenient features of today’s smartphones, the scenarios above exemplify how the technology can leave us at risk. However, if you are in a situation where you believe that your biometrics may leave you vulnerable, there are, thankfully, some easy steps you can take to mitigate this risk.

The first is to permanently disable biometric authentication on your smartphone. Doing so means you’ll need to enter your passcode every time you unlock your phone. Yes, it will take a couple of seconds longer to get to your home screen—but it also means that no one can steal your face or finger and unlock your phone while you’re sleeping.

To disable your iPhone’s biometrics (called Face ID or Touch ID, depending on your iPhone model), open the Settings app, tap “Face/Touch ID and Passcode,” and then toggle the “iPhone Unlock” switch to “off.” 

For Android users, disabling the facial or fingerprint biometric feature may differ slightly, depending on your phone model. On a Pixel phone, you can disable fingerprint unlocking by going to the Settings app, tapping “Security and privacy” and then “Device unlock,” and then deleting your registered fingerprints.

When in doubt, restart

Of course, biometric authentication like facial recognition is one of the great conveniences of modern life—one that many of us would have a hard time giving up for good. If you fall into this camp but still want the extra security that disabling biometric authentication provides, you can quickly deactivate the biometric unlock feature on your iPhone or Android device by restarting it.

When your phone shuts down and restarts, your biometrics will not unlock the device until after you enter your passcode. Many activists use this trick when crossing borders or attending politically contentious events.

And it’s not a bad one to remember right before you turn off the nightstand light, if you think your kids might be waiting until you fall asleep to snatch your phone.

View the full article