2) You force me to be more precise. You are right. Biometrics are not immutable. However, you as a user have only a certain amount of control over their mutability. Can't change the nose you have, can you? A password's mutability is more in the control of the user, I'd argue.
3) I'm not worried about my personal profile picture and personal data. I am worried about society as a whole (including corporations etc.). Modern social media and corporate tools like Slack increasingly "pressure" / "massage" people into uploading a real photo of your face. If face ID is to become a standard, I guess that's something that should be taken into consideration? Don't you think so?
4) If face ID is the "front door", does breaching the "front door" not make whole systems vulnerable, as credentials for other, more "secure" forms of authentication are hidden behind that "front door"?
5) Is handing over the "intelligence" to detect a valid / invalid credential to AI such a good idea?
6) Food for thought. I had to load a Chinese app on my phone for a business trip. It required face recognition, and required me to blink during face identification, presumably to fend off the "putting a picture in front of the camera" attack vector. Assuming they do not implement security mechanisms for nothing, because it costs money to do so, must I now conclude that standard face ID without blinking is insecure?
I'm just asking questions to which I don't have all the answers here. I remain unconvinced, but I wouldn't be offended if someone proved me wrong.