Shortly after Apple announced the iPhone X and Face ID back in September, the Duo team has been excited to test the security properties of this new technology, and consider how we would add support for facial recognition to Duo.
There has been a lot of criticism about Face ID: its lack of ability to secure more than one face, questions about recognition speed, as well as privacy implications of 3D facial scan data. Apple has responded to many of these concerns in an official statement and by releasing a security brief on Face ID’s inner workings.
However, in practice, our Duo Labs security research team has been satisfied with the security properties of Face ID as compared with Touch ID. Face ID builds on many of the security advancements Apple made with the introduction of the Secure Enclave when it added Touch ID to devices a few years back. There are also some great changes in iOS that put security first on the iPhone X, like defaulting to notification privacy without any loss in usability or convenience.
Now that we have a few iPhone Xs floating around the Duo office, we’ve put Face ID to the test—and we’re impressed.
The combination of the TrueDepth camera, the Secure Enclave Processor (SEP), the new custom GPU architecture (A11 Bionic chip with Neural Engine), and on-device machine learning (Core ML in iOS 11): all result in ensuring Face ID is effective, secure and privacy-friendly. With Face ID, iPhone users can use longer and stronger device passcodes to strengthen their keychain security, while maintaining convenience and ease of use.
Face ID will likely bring usable facial recognition capabilities to consumers, and we certainly expect to see Apple add Face ID to future devices. With Face ID, Apple has created security that blends into the background and gets out of the way, making it extremely usable. Duo believes that usable security is effective security, and we certainly believe Apple has achieved that with Face ID.
With a stamp of approval from our Security team, our Mobile team has added support for Face ID and compatibility with the new form factor of the iPhone X with the release of version 3.19 of Duo Mobile, which we released on the eve of the first iPhone X deliveries, November 3rd.
And thanks to our Duo Restore feature—launched earlier this year—getting Duo Mobile up and running on your new phone is a breeze. Along with support for Face ID during authentication, we’ve also updated our Security Checkup feature to work with Face ID.
Duo administrators can create a biometric policy via the Duo Admin portal, which will add a biometric check when approving authentications to services protected by Duo. Our new biometric policy with support for Face ID replaces our fingerprint-specific policy, making it easy for administrators to add additional biometric checks regardless of whatever biometric factor their end users’ devices support—whether it’s Touch ID, Face ID, or Android Fingerprint.
In under a week, we’ve seen over 20k unique iPhone X devices running Duo Mobile quickly rising into our top 20 list of active device models, making it one of our fastest adopted mobile devices Duo has seen. To put that in perspective, in the past year, Duo has seen over 6,000 unique device models running Duo Mobile.