Imagine a world where all we really need is our face to get anywhere, in the physical or digital world. No, this isn’t an Apple ad for FaceID, but a take on where this technology can go.
We can all imagine how easy it would be to not have to remember 10 different passwords, or one overly complex one for a password manager, for the 25 different online services. How convenient would it be to never have to remember keys as well as passwords? I can’t tell you how many times I have been halfway out the door and realized I don’t have my car keys or my proximity card. It can be a lot to remember when I need to make sure I have all of my daughter’s stuff, in addition to my school, my gym and my work stuff, as we are inevitably running late for everything.
This is the realm where FaceID has already entered and is the easiest to integrate, as almost every device we use has a front-facing camera. Integrating FaceID with Apple’s Keychain or Google’s AutoFill feature could make login screens and online forms a thing of the past. Since we are already looking at these screens, the hard part would be letting the user know about this feature or giving the user control over it. Some people might be OK with FaceID automatically turning on and filling in text fields with zero input from them, but most want to know when they are being scanned by a computer. A simple solution would be to ask the user in the same way we can sign in with Facebook or Twitter.
This solution doesn’t create confusion for the user, as it presents them with a solution they are already comfortable with. A similar solution could be made for filling out forms. When a text field is selected, instead of showing an AutoFill suggestion below the field, there could be a “fill with FaceID” option as shown below.
The information stored behind FaceID is very sensitive and, if hacked, can be very dangerous. To deter this, we should take a page out of Apple Pay’s book.
Apple Pay uses Tokens (single-use access codes) to allow department stores access to your financial information, but after the transaction is finished the Token is as useless as an expired credit card number. So in order to fill in text fields with sensitive information, FaceID will send a Token to the third party requesting access (filling out the form), and the Token, not the sensitive information, will be used to log in. In other words, your FaceID scan activates a one-use key that unlocks the service and is then useless. The Token can’t be used to get your sensitive information because it doesn’t have it; it is only an authorization that the information is there, correct, and needs to be used.
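The single-use Token flow described above, written out as an added Python example; it is not Apple's code or code from this post. The names `TokenVault`, `issue`, `redeem` and `demo`, the 60-second lifetime, and the `face_matched` flag (standing in for the device's biometric decision) are all assumptions made for illustration.

```python
import hashlib
import secrets
import time


class TokenVault:
    """Issues single-use Tokens after a face match; never hands out the secret itself."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # sha256(token) -> (subject, audience, expires_at)

    def issue(self, subject, audience, face_matched):
        # face_matched is a stand-in for the on-device biometric result (assumption).
        if not face_matched:
            raise PermissionError("biometric check failed")
        token = secrets.token_urlsafe(32)  # 256 random bits, carries no user data
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the hash is stored, bound to one third party and a short lifetime.
        self._pending[digest] = (subject, audience, self._clock() + self._ttl)
        return token

    def redeem(self, token, audience):
        """Return the subject on first valid use; replay, wrong party or late use gets None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        record = self._pending.pop(digest, None)  # burned on first presentation
        if record is None:
            return None
        subject, bound_audience, expires_at = record
        if self._clock() > expires_at or bound_audience != audience:
            return None  # fail closed: the Token stays burned
        return subject


def demo():
    now = [0.0]  # constructed clock so the expiry case is deterministic
    vault = TokenVault(ttl_seconds=60, clock=lambda: now[0])
    t1 = vault.issue("user-123", "shop.example", face_matched=True)
    first = vault.redeem(t1, "shop.example")
    replay = vault.redeem(t1, "shop.example")
    t2 = vault.issue("user-123", "shop.example", face_matched=True)
    wrong_party = vault.redeem(t2, "other.example")
    t3 = vault.issue("user-123", "shop.example", face_matched=True)
    now[0] = 61.0
    expired = vault.redeem(t3, "shop.example")
    return first, replay, wrong_party, expired
```

The third party only ever learns whether the Token was valid and which account it authorizes; the stored secret never leaves the vault, and a captured Token is worthless after its first presentation.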
Now that the user can be aware of the usage of FaceID online, and be secure in its use, let’s take a look at how FaceID can be integrated into physical security.
One nice thing about physical security is that you want it to melt into the background as long as you are authorized. Any physical tells on how a system might be working can make the system more vulnerable, so effortless FaceID security makes even more sense in physical security.
Looking further into the future, cameras could be installed in every car, building, and doorway to do the actual scan, but this involves massive investment from the people constructing these cars, buildings and doorways. So we’ll have to rely on what we have now for this security.
More realistically, we use our phones’ front-facing cameras for authentication everywhere. We are all already looking at our phones 24/7, so while you are texting a friend, a notification comes up for confirmation to unlock your front door. You tap it, the lock moves, and you walk right in without ever missing a step in your text. A similar idea with secure Tokens would have to be implemented in this market as it is in the online world. The great part is that most of this infrastructure is already here as well. Smart locks have apps, cars are starting to have apps, and businesses will have some type of online two-factor authentication app that can be expanded to include physical security. The Token can then be used through these services to unlock everything in our lives.
In a world where our eyes are never off our phone we should be able to use that attention for more than just looking at emails and Reddit. Our phones and FaceID can ultimately become the only key we ever need.