PIN). But both Google and Apple forgot or
LJQRUHG�WKDW�YHUL¿FDWLRQ�LV�DOVR�DERXW�LQWHQW��
When I enter my password, I am signaling my
intent to do something. I wouldn’t write down a
password in any other context. While it’s possible
WR�WDS�D�¿QJHUSULQW�UHDGHU�DFFLGHQWDOO\��LW¶V�VWLOO�DQ�
action you have to take—a signal of intent.
Facial recognition is a bad model for securing
anything, because you can’t signal your intent. A
great recent example is the Google Pixel 4. It has
been widely reported that the phone’s Face
Unlock feature works even when your eyes are
closed. I suppose we can all marvel at Google’s
ability to detect who we are even when we’re out
cold, but it opens the unpleasant possibility that
your phone could be unlocked while you’re
asleep, unconscious, or dead.
If that weren’t enough, Google’s own support
documentation points out that if someone shoves
your phone in your face, it will unlock whether
you want it to or not: “Looking at your phone can
unlock it even when you don’t intend to,” says the
site. Your phone can be unlocked by someone
who looks a lot like you—say, an identical sibling.
And to reiterate, “Your phone can also be
unlocked by someone else if it’s held up to your
face, even if your eyes are closed.”
Although Apple’s Face ID requires that your eyes
be open, it has the same fundamental problem.
Any time your phone is out and you’re facing it, it
is unlocked and ready for use.
It’s interesting that Apple does address the
problem of intent in Apple Pay on devices that
M
a
x
E
d
d
y
@wmaxeddy
