"This is an unfortunate situation that happens in most corporate environments, which is why multi factor and especially biometric (fingerprint or facial) adoption helps ease and simplify security," he said.
"And [security] is a tough challenge for IT departments - because we are up against the resistance of the human mind, which is perhaps the most difficult to tackle among all other cyber security challenges," said Rajagopal.
"If we look at the variety of mobile devices: we can sort them into different categories of authentication evolution over the last few years:
- No PIN - free and easy is how they like it;
- Simple PIN code - Whether it was a 4 digit or a 6 digit, there were still groups of people that felt 1234 or 123456 was the most secure option for this;
- Touch ID (Fingerprint) - Released by Apple about four years ago, but security researchers have been hacking or bypassing fingerprint recognition for the last 15 years!
- and now Face ID (Apple's facial recognition system)."
"Face ID is also nteresting because I think it is a serious attempt by Apple to reduce the security friction between the user and the device," he said. "The key here is to make it as seamless as possible for someone to secure authenticate with their device yet remaining secure."
"With iPhone X, Apple claims a 1 in 1,000,000 error ratio, which is much higher than fingerprints (Touch ID), which is 1 in 50,000," said Rajagopal, adding that governments can help educate citizens to use mobile devices more securely.
Jensen Ooi, IDC Asia Pacific's senior research analyst for client devices, also welcomed Face ID. "The pros of facial recognition security outweigh the cons in many ways. However, past systems had so many flaws in the past that it was either a major inconvenience for the users, or a major misnomer should it have been labelled as a 'security' feature. Thankfully, Apple's initiative with the iPhone X is a great push for the industry to move forward in terms of biometric security. It was a classic case of 'less is more,' removing the Touch ID and replacing it with Face ID. Not only is it more convenient now but it has also become more intuitive in terms of usability as one needs to be aware and looking at the phone in order for it to be unlocked."
Finally fit for enterprise?
"For the short term, it's mainly about the cost. Apple's Face ID is one of the more reliable ones out in the market (for now) while other brands' facial recognition security still have major flaws," said Ooi. "However, the Face ID feature is only available on the costly iPhone X, which would make IT departments think twice about getting it unless absolutely necessary or highly applicable for business use."
"In the long term though, this still remains to be seen as Face ID is still new in the market and needs more time to be trialled if it truly is as secure as what Apple claims," he said.
Ooi believes the initial reaction from consumers may be "naturally sceptical." However, awareness campaigns, peer recommendations and sheer convenience will increase acceptance.
"Smartphone vendors will need to assure that the facial features of the users will be stored securely, such as how Apple did it with its secure enclave where the facial features are stored within the device and not uploaded anywhere else," he cautioned.
"The major concern that users ought to be wary of are the apps that are available for download. Some seemingly harmless apps could pose as a 'Trojan horse,' gaining access into the device's facial scanning features and extracting the necessary details for malicious purpose," said Ooi. "Furthermore, in the long run, consumers' concern should be towards the smaller/less reputable brands that are more reasonably priced but have managed to develop their own facial security features but could hardly be any secure at all."
He also agreed with the other experts that the development of Face ID may be one of the "most significant upgrades for facial recognition security on handsets."
"No security system: however, is unbeatable or truly secure," Ooi added. "It's only a matter of time before it gets bested by the hackers or 'spoofers,' For now, it's a worthy 'one up' for biometric security in smart devices."
In an earlier interview (see additional articles list below), he believes Face ID will generally help sales of iPhone X and other premium handsets.
Study feasibility, SoP
Dr Amirudin said organisations need to study the feasibility of introducing this new technology. "The impact of facial recognition technology on business and enterprise sectors will of course depend on the 5W and 1H of the technology applications."
"The pros of the facial recognition technology include the fact that it is a useful and very secure technology, in which very little amount of user cooperation is required. Users are only required to look at their phone camera in order to access the contents of their phone," he said. "The iPhone X face recognition methodology has included enrolment from various perspectives of a user's face: therefore, we can expect the system to be very robust against face-pose variations."
"The chances for anybody breaking into properly implemented facial recognition systems are currently very slim," Dr Amirudin said. "Research into biometrics fraud suggests that facial recognition is faring well against attacks [spoofing variations].""
"What system administrators need to ensure is to draw up a sound set of procedures (SoP) addressing the use of such technologies for security and data protection in their organisation," advised Dr Amirudin. "The SoP should also include steps needed when mitigating certain risks that might potentially arise in the use of facial recognition technology within the organisation."
"Such procedures should call for regular updates of face recognition enrolment data to especially manage occlusions such as facial hair (beard and moustache)," he said. "For women for example, such a SoP may advise that hair is properly clipped or held to avoid it from falling and blocking the face during enrolment. For Muslim women, the enrolment is to be taken at a private place, where they can take off their hijab. They are advised to avoid doing the enrolment with hijab as certain types of hijab covers important facial features especially on the forehead and the cheeks."
For other news on digital security in Malaysia and facial recognition, visit:
- 33 Malaysian websites hacked following SEA Games error: Experts reaffirm security musts for Sysadmins
- Combatting cyberattacks with a strategic mindset: Computerworld Malaysia 11th Security Summit
- Malaysian businesses must prepare for complaints as PDPA finally in force, says global law firm
- BLOG: Fragile line between privacy and security: 2014
- IDC interview: How will iPhone X and other premium handsets change the market in Malaysia?