Facebook has developed its own facial-authentication software. However, unlike Apple’s Face ID, Facebook’s feature will be used only during the account recovery process. The facial recognition has been pitched as brilliant means of account recovery. The company in a statement to TechCrunch said:
“We are testing a new feature for people who want to quickly and easily verify account ownership during the account recovery process. This optional feature is available only on devices you’ve already used to log in. It is another step, alongside two-factor authentication via SMS, that were taking to make sure account owners can confirm their identity.
However, like Apple’s announcement earlier this month, the very existence of the feature raises a number of serious privacy concerns for users. And the lack of specifics regarding Facebook ID doesn’t help the situation either. While it’s certainly a plus that the feature must be used alongside some form of two-factor authentication, it’s 2FA via SMS, one of the weakest versions of multi-fac. Additionally, there’s no telling whether or not Facebook will be storing your face data locally on your device — which is by far the most secure choice — or in the cloud somewhere.
The news was also confirmed in a tweet by Matt Navarra, social media director for TNW, who received this screenshot of the new feature from social-media researcher Devesh Logendran.
While this appears to be a security milestone, a significant complication is anticipated. No matter how safe and secure a system is intended to be, there will always be flaws and loop holes. These sort of minor mistakes and random hacks often have a minimal impact on users — you simply reset your password and go about your life — but when that password is something as unchangeable as your face, everything becomes significantly more complicated.