I'm not talking about exercise. I'm actually talking about the new iPhone. If you're an iPhone aficionado, you might be rather excited right now about the new FaceID functionality Apple has just unveiled. Being able to unlock your phone just by looking at it is great, right?
It's an interesting technical challenge. It's a vaguely futuristic feature to use as product's selling point. It plays on our need to have things done for us. It makes an already easy job - typing in a passcode or tracing a pattern - even easier. It's spy tech for the masses, but great?
Not so much if you want to keep your private data private. And not at all if you want to keep yourself and your personal information safe.
Information security is a hot topic. With reports of cyber attacks and online scams moving from once in a blue moon into the realm of daily news, we should be much more aware of how we protect ourselves. But are we? Or do we treat information security as something that only affects big corporations?
Many articles commenting on the new iPhone and the FaceID feature will probably mention that the police can use FaceID to unlock your phone against your will. They just have to hold it up in front of your face. That's probably true, but I'd like to think that most of us are much less likely to be challenged by law enforcement, than being the victim of theft.
Having your phone snatched is not an uncommon occurrence. If you ever lost yours you'll know it's annoying, time-consuming, and costly to replace. If you've had yours stolen, there's also the anger at having something of yours taken without consent. In most cases, though, you've "only" lost a personal possession. Thieves rely on a quick grab and quicker getaway.
With FaceID, though, the stakes have just gone up.
Imagine the scene: you're out shopping with friends. It's busy. You've just pulled out your phone to take a snapshot of a new dinner service when the device is ripped from your hand. You spin with an angry shout and - instead of seeing the vanishing back of the thief as he darts into the crowd - he's there right in front of you. He almost shoves the phone into your face in his haste to unlock it and you can see him: the green beanie, the black jumper under a padded jacket, his face... everything. You don't even have time to think that you've seen enough to describe him when he pulls out a pepper spray... or a knife...
With FaceID, thieves can get so much more than just a valuable handset they can pass on for some cash. They can get hold of much of your life: email, passwords, photos, your online persona, your home life, maybe even your bank accounts. Data like this, data that allows criminals to steal your identity, is worth a lot more than a handset. To a determined thief, it may even be worth a little violence.
Not to mention that - with social media - most of us have our faces all over the web. And a good 3D model might be able to fool an iPhone camera. So does face recognition equal a safe way to keep things locked up? I think not.
ABC, or always be careful, is still the first tenet of information security. Using your face to unlock your phone, and thereby your life for someone's grabby little hands is not keeping safe. Even if FaceID makes it sooo much easier to unlock your phone. Is saving a few seconds really worth what a thief can take from you in exchange?