Y0ur P@ssw0rd S*cks is a bi-weekly column that answers the most pressing internet security questions web_crawlr readers have to make sure they can navigate the ‘net safely. If you want to get this column a day before we publish it, subscribe to web_crawlr, where you’ll get the daily scoop of internet culture delivered straight to your inbox.
Today, web_crawlr reader Cliff D. asks whether you should use your face as a universal password.
Passwords. We’ve covered them before. We’ve talked about the importance of having unique, strong passwords on every site you use. We’ve talked about the importance of password managers. And we’ve also talked about how annoying dealing with passwords can be.
So why not use something like our face for a universal password? That’s the question Cliff has.
As with anything, of course, there are pros and cons. Using your face to gain entry to your accounts or devices, like many people already do on their cell phones, is undoubtedly much easier than using a password manager.
But as I often harp on in this column, security isn’t a one-size-fits-all issue. Different people have different needs. So while using your face may be good for some, it could be an issue for others.
Now, if you’re not all that concerned about someone trying to replicate your face to gain access to your phone, facial recognition isn’t a bad option. But others may want to be hesitant. We’ve seen numerous examples over the years of facial passwords being used against their owners.
For example, we’ve witnessed repeated instances of law enforcement officers gaining access to people’s phones by holding them up to their faces. Having a strong and unique text-based password for your phone will always be the safest option.
And while the technology continues to improve, we have seen people defeat facial recognition protections in the past. In 2018, a reporter with Forbes 3D-printed his own head and was able to obtain access to Android phones, although the trick didn’t work on iPhones at the time.
On the other hand, some experts have said that using facial recognition, at least in public, is a good idea given that phone thieves often watch people put in their password before stealing their phone.
At the end of the day though, the biggest issue with facial recognition is that, for the most part, your face doesn’t change. If someone is able to replicate it, there’s no way to defend yourself. Of course, facial recognition could be combined with other security features such as 2FA, but at the end of the day, it all boils down to you and your security needs.
But if you’re tired of dealing with passwords, you’re in luck. Google is slowly shifting to make passkeys the standard. Passkeys allow users to log in to their Google accounts by utilizing the pin, face, or fingerprint authentication built into their devices.
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Source: https://www.dailydot.com/debug/face-universal-password-security/