Shortly after Christmas, I made my semi-annual pilgrimage to the AT&T store to pick up a new phone. As an early adopter of the original iPhone®, I’ve stayed with iOS devices over the years, but I know other manufacturers are producing amazing phones of their own. (This article is not about iPhones, it’s about the technological evolution of user authentication and what that means for financial services. If you’re not an iPhone user, this article is still for you!)
Because Apple® did its usual excellent job of hyping new features, I was curious to see Face ID®, the iPhone X’s (pronounced “iPhone 10” not “iPhone X” – think Roman numerals) new facial recognition feature.
To my surprise, I think Face ID may represent a watershed moment in the evolution of authentication.
I’ve been identifying myself to secure mobile apps for nearly a decade now, and the methods used have run the gamut from typing user IDs and passwords to answering challenge questions, entering codes delivered via SMS, and even providing my fingerprint. In their turn, each of these iterative improvements made my technological interactions more secure. Some of them came at the price of a markedly less enjoyable user experience, while others made the flow slightly easier – once I got used to them.
This same process has been going on for decades at retail cash registers, where mag stripes, PINs, EMV chips, and now tokenized mobile payment applications have increased security for card transactions. And, as with mobile devices, each iteration improved security, while not always providing a more beautiful user experience.
Which brings us back to Apple’s Face ID. While other apps and providers have used facial recognition for various purposes for years, Apple’s new deployment takes it a step further by making it the primary user authentication method on the iPhone X. Face ID is substantially more accurate than Touch ID, Apple’s fingerprint authentication method, and the average iPhone user doesn’t need to worry about reports of hackers fooling Face ID technology, since doing so requires a 3-D printer, some creativity, and your actual phone. And kudos to Apple for putting some serious planning behind this effort. As announced in September 2017, any app that uses Touch ID on earlier phones will automatically support Face ID. Apps that leveraged Touch ID get Face ID “for free” on the new phone.
So, after all these years of authenticating myself in different ways, Face ID lets me do something new to identify myself: Nothing. When I open my online banking app to check my account, I zip right in. When I pick out a new app from the store, it downloads right away. When I tap the icon to view my secure corporate email, it pops right up. In short, it’s seamless. Unless I watch the screen closely for the little Face ID icon, the experience feels like having no authentication at all.
Why is that revolutionary? After all, isn’t Face ID just an upgrade over Touch ID, which was also a form of biometric authentication? Yes. But now, instead of me authenticating myself to my phone, it identifies me. Every previous authentication method required the user to take the first step. Now, for the first time, my phone proactively authenticates me. And that feels like a bit of a sea change.
From an industry perspective, Face ID makes those scenes in the movie Minority Report – the ones where retina scans identify each customer as they walk into the store and welcome them by name – seem a lot closer to reality. After more than a decade of looking at my smartphone, suddenly it’s looking back. And that feels like the beginning of something new – something that will lead to changes we may not fully understand for a while.
Facial recognition, by itself, probably won’t alter the technological landscape in a major way, but it does represent a milestone on the road towards AI-backed systems that proactively engage users. From here, it’s just a short step to a world where instead of me saying “Hey, Siri” to get things going, my phone says, “Hey, Kevin” to start a conversation with me.