[lucb1e]

What I'm hearing you say is that the hardware has baked-in private keys. That is not biometrics, that's public-private key authentication. People already do this with ssh/pgp private keys on a hardware token. Which is a good idea, but it has nothing to do with biometrics and is not something you need to sell your soul to apple for.

> It’s also more secure than a password on a phone because if you’re using it in public someone can watch you type your password in.

I'd rather hold a hand over a PIN pad than having to wear a mask to prevent my face from being scanned in public.

[astrange]

> What I'm hearing you say is that the hardware has baked-in private keys. That is not biometrics, that's public-private key authentication.

Even if you could write your sensor's face data into someone else's phone, you still wouldn't be able to authenticate with it, because it doesn't have the same sensor. It's not just different keys, the fixed layout of the IR pattern is different.

> I'd rather hold a hand over a PIN pad than having to wear a mask to prevent my face from being scanned in public.

And not sure what the actual threat model here is, but I don't think strangers can scan your face in a way that's useful to Face ID. (Wearing a mask doesn't stop general identification technology, it doesn't even break Face ID anymore.)

[Aachen]

I don't think they meant respiratory masks to hide from your head being scanned, especially if the algorithm doesn't look at that part of your head.

> Even if you could write your sensor's face data into someone else's phone,

Since the keys presumably aren't retrievable from the hardware, it doesn't matter if there are random or intentional production flaws in the sensor itself: you need the original hardware anyway. You just need to trick it into doing the authentication. That's the part where biometrics are involved, the part where you present it with a username so to say. The rest is private key authentication.