[dippydipdips]

"Face ID confirms attention by detecting the direction of your gaze"

So to the argument that police can force you to open your iPhone if secured with TouchID, is this perhaps more secure? If you refrain from looking at your phone?

[strictnein]

Here's what police do today, and it will defeat this and all types of security:

Follow you until you make a phone call, or do something that requires you to unlock your phone. Then multiple people descend on you and grab you and your phone.

[empath75]

That's if they're interested in looking at your phone for a particular reason, rather than randomly being nosy in a traffic stop.

[aeontech]

No, any kind of biometric auth is vulnerable to the adversary forcing your physical compliance.

However you can disable TouchID and FaceID both by pressing the power button five times in quick succession, after which it will require your passcode.

[eridius]

For the iPhone X it's hold both the power button and either volume button for 2 seconds.

[gknoy]

I've had a remarkably difficult time getting this kind of thing to register when I try to take screenshots -- probably an issue with my case? -- so it is probably worthwhile to practice doing this ahead of time.

[Angostura]

Actually, I think that’s the hard reset sequence - replacing the Home Power combo

[eridius]

From the PDF:

> After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds.

[24gttghh]

5-clicks-in-quick-succession primarily activates the "Emergency SOS mode", as well as temporarily disabling TouchID. I think you should edit your post to reflect this.

[aeontech]

It’s disabled until you enter your passcode again, correct, which is what you want. I am not sure what you thought I was saying? If you want to disable it permanently, you can do that in Settings, but doing that requires you to unlock the phone, at which point the adversary may take it and have free reign.

[24gttghh]

What I'm saying is, if someone wants to simply disable TouchID, without also automatically calling the police by whom they are presently being held then the 5 click method is overkill.

[FilterSweep]

> However you can disable TouchID and FaceID both by pressing the power button five times in quick succession

This seems effective "on paper, but not in practice." Even if you're innocent, it is one of the most nerve-racking experiences to go through.

In the heat of the moment, what if you used an old 5s method to deactivate TouchID instead of whatever method works for the X?

[aeontech]

It works fine for me, but if you have a more practical suggestion, can you expand on that? What do you think would work better?

[SomeHacker44]

This is woefully insufficient for a feature I have been begging for forever...

I would prefer it to be a double-tap on the power button, or at the very absolute worse, a triple tap. Two buttons simultaneously five times? Impossible to do under any sort of external pressure/duress.

[aeontech]

Two buttons press and hold on iPhone X.

Power button 5x on any other phone.

[mikewhy]

Not sure where you got two buttons from. It's only the power button.

[GeekyBear]

On this year's hardware, they have added a new option to temporarily disable biometrics.

You press either one of the volume buttons on one side of the phone while also pressing the sleep/wake button on the opposite side.

http://www.techrepublic.com/article/how-to-disable-face-id-o...

[mikewhy]

Didn't realise the X model did it differently than all others. Weird.

[GeekyBear]

It's also available on the iPhone 8 models.

If history is a guide, this will be a new normal that will carry through to future hardware as well.

[FilterSweep]

> If you refrain from looking at your phone?

Unfortunately, (myself included), we are so conditioned to look at your phone when it is out in our face that you would have to actively train against this "reflex".

[scarface74]

I doubt police will let a little thing like constitutional arguments keep them from forcing you to unlock your phone.

The best decryption algorithm is still rubber hose decryption.

[dmitriid]

FaceID and TouchID are not passwords, so you have to comply and unlock your phone.