Looks like Apple’s not alone in the race to own your face. According to a report by TechCrunch, Facebook has developed its own facial-authentication software. However, unlike Apple’s Face ID, Facebook’s feature will be used only during the account recovery process.
The company seems to be pitching it as an easier way to regain access to your profile, saying in a statement to TechCrunch that:
“We are testing a new feature for people who want to quickly and easily verify account ownership during the account recovery process. This optional feature is available only on devices you’ve already used to log in. It is another step, alongside two-factor authentication via SMS, that were taking to make sure account owners can confirm their identity.
This would be a step up security-wise from Apple’s Face ID, as a more narrow use of the technology translates to significantly fewer security risks. The news was also confirmed in a tweet by Matt Navarra, social media director for TNW, who received this screenshot of the new feature from social-media researcher Devesh Logendran (an alias):
However, like Apple’s announcement earlier this month, the very existence of the feature raises a number of serious privacy concerns for users. And the lack of specifics regarding Face(book) ID doesn’t help the situation either. While it’s certainly a plus that the feature must be used alongside some form of two-factor authentication, it’s 2FA via SMS, one of the weakest versions of multi-fac. Additionally, there’s no telling whether or not Facebook will be storing your face data locally on your device — which is by far the most secure choice — or in the cloud somewhere.
No matter how safe and secure a system is intended to be, there will always be flaws. Usually these sort of minor mistakes and random hacks have a minimal impact on users — you simply reset your password and go about your life — but when that password is something as unchangeable as your face, everything becomes significantly more complicated.