Biometrics are generally a good alternative to passwords, but authentication via face-scanning is a terrible idea, according to security expert Max Eddy.

People with my job need to be interested in, and at least passingly excited about, new technology. Sure, we need to maintain distance from the hype cycle (3D TV, anyone?), but a creeping cynicism that depletes enthusiasm for new, exciting ideas is just as toxic. So when Apple debuted FaceID I stayed mostly quiet about it. Now that Google has followed suit with facial recognition built into its Pixel 4 phone I think I can safely say that I've given my dislike a chance to mellow into a fine, nuanced hatred.
Facial recognition is bad. It's really bad. It's a poor system for verifying identity or intent, it's overly permissive, and it trains us to be okay with having our face scanned. In conclusion, facial recognition in consumer technology is the end of civilization as we know it. Thank you for coming to my TED talk. You want more details? Fine.

It's All About Intent
Continuing with the examples of Google and Apple, I should make it clear that they both address the most dystopian fears surrounding face-scanning. No, your face data doesn't leave your phone. No, your biometric data isn't stored in such a manner that would allow your face to be reconstructed. And yes, you can switch it off (and be stuck with a crummy password or crummier PIN). However, both Google and Apple forgot or ignored that verification is also about intent.
When I enter my password, I am signaling my intent to do something. I wouldn't write down any password in any other context. While it's possible to accidentally tap a fingerprint reader, it's still an action you have to take—a signal of intent.

Facial recognition is a crummy model for securing anything because you can't signal your intent. A great and very recent example is Google's Pixel 4. It has been widely reported that the phone's Face Unlock feature works even when your eyes are closed. I suppose we can all marvel at Google's ability to detect who we are even when we're out cold, but it opens the unpleasant possibility that your phone could be unlocked while you're asleep, unconscious, or dead.

If that weren't enough, Google's own support documentation points out that if someone shoves your phone in your face, it will unlock whether you want it to or not. "Looking at your phone can unlock it even when you don't intend to," says the site. Your phone can be unlocked by someone who looks a lot like you, like an identical sibling. And, to reiterate, "Your phone can also be unlocked by someone else if it's held up to your face, even if your eyes are closed."
While FaceID requires that your eyes be open, it has the same fundamental problem. Any time your phone is out and you're facing it, it is unlocked and ready for use.
It's interesting that Apple does address the problem of intent in Apple Pay on devices that use FaceID. When you make a purchase, you have to look at your phone for verification and press the lock button twice. You might accidentally look at your phone, and you might even accidentally hit the button, but you're not very likely to do all of those things at once unless you're making a payment.

It's Bad-Habit Forming
Facial recognition writ large is far, far scarier than most other kinds of biometric identification. Let's imagine a room full of people, and the police are looking for one individual. If the police only have that person's fingerprint, they'd have to examine the hands of every single person in the room. That's not only tedious, but it tips off everyone there that something is up.
Now imagine that instead of fingerprints, they have a photo of the person's face, discreetly positioned cameras, and the software required to match that photo to a living face. The police can now scan the entire room without the people realizing it. The police can also now track the person moving around the room, learning far more than whether or not the person is simply present.

This second example is already happening in some places. Chinese police officers have reportedly been outfitted with face-identifying glasses that can spot specific people in large groups. The UK has blazed a trail in camera surveillance. Artificial intelligence can not only match a person to a face, but Google Photos has demonstrated that it doesn't take very much data to match a person to any picture of them—whether as an elderly person or an infant. US airports are using face scanners on travelers on international flights. Ring is making deals with police agencies to promote its camera doorbells, and providing a platform for police to request video from people. The future is now, and it's dangerous.

Facial recognition has already found its way into that paragon of privacy (said with intense sarcasm), Facebook. Facebook recently admitted it created, then shelved, a face-scanning app that allowed a user to identify people by pointing a phone at them. The service can already automatically identify people in images and videos. The number of places ready to accept our face data is growing.
Given that kind of potential, I fear very much that FaceID, Face Unlock, and similar facial recognition technologies are training us to be comfortable with our faces being scanned. We shouldn't ever become comfortable with that.

Biometrics Are Good, Actually
There are a lot of pitfalls with biometric identification, but I've been pleasantly surprised to see companies have avoided many potential failures. Apple and Google both have taken steps to ensure that biometric data is abstracted and secured, making it effectively impossible for it to be extracted or abused. That's the worst case.
It's also far easier for law enforcement to compel you to submit to a biometric scan of some kind, as opposed to revealing a password—both in a legal and logistical sense. To both Google and Apple's credit, the companies include a mode to lock biometric scanning for a set period of time, and instead require a traditional password.

Despite these concerns, I'm for biometric authentication. Biometrics are also easier for people to use than strong passwords. That's why we have an entire roundup of password managers, after all. Biometrics are also far safer than easily guessable PIN codes, which are effectively just extremely weak passwords. Adding biometrics to mobile devices has meant people are actually locking their phones, which secures all their accounts and data, and allows the whole thing to be safely wrapped in encryption. It's a huge overall win for security and privacy.
The problem is that newer isn't necessarily better. The humble fingerprint reader that debuted on iPhone and found its way to many other mobile devices was, to my mind, the more elegant solution. It's hard to trigger accidentally, it's an easily recognizable signal of intent, and it's secure. Why did we move away from them? I don't know for sure, but I strongly suspect that edge-to-edge screens have a lot to do with it.
I don't know what the best strategy is for incorporating biometrics in an all-screen world, but I do know that I won't ever be buying a device that requires my face be scanned.