How Apple's new Face ID stacks up against Windows Hello

Is there a difference between Apple's and Microsoft's two facial-recognition technologies?

Convenience and security are often at odds in the tech world, but that hasn't stopped most companies from attempting to fuse the two. With Microsoft, we have Windows Hello, a biometric system that can log you in with a fingerprint, or facial or iris scans. Apple, which uses Touch ID as a fingerprint login system, has now come up with something new, first unveiled at the September 2017 Apple event.

Apple wants to get rid of the iPhone's Home button and with it TouchID, so it's testing out what it calls "Face ID" on the upcoming iPhone X. Face ID works in a similar way to Windows Hello, in that it uses an IR sensor and camera to identify your face for a fast, secure login. There are, however, some differences between the two technologies, which we'll examine here.

What is Windows Hello facial recognition?

Windows Hello on an HP Spectre x2

With Windows Hello, there are two types of biometric recognition through cameras: iris and facial. The facial recognition side of Windows Hello works by bouncing infrared (IR) light off your face and picking it up with a camera. An image of your face is then compared against one that's stored on your PC. If they match, you're logged in. The iris scanning side — famously found in the Lumia 950, 950 XL, and HP Elite x3 — instead takes a picture of your iris and compares it to one stored in your device.

Although there are no confirmed reports of Microsoft's implementation of iris scanners being defeated, other iris scanners have been bypassed, as have facial recognition methods. Android Central reported on the iris scanner in the Samsung Galaxy S8 being spoofed with a printed IR image and a fake contact lens. An article from The Guardian explains how researchers from Carnegie Mellon University were able to fool Face++ facial recognition by wearing some funky tortoiseshell glasses. In some cases, like with the Samsung Note 8, all it took was printing out a picture of a face and holding it up to a camera.

What your IR camera sees

Windows Hello facial recognition puts a stop to some spoofing thanks to the IR camera. Printed and digital images don't appear in the IR camera, so it would take more to get past the technology. Remember, pretty much any gate is permeable to someone with the means and time to break it.

Another security concern is where your biometric data is stored. Microsoft explicitly says that biometric data collected from Windows Hello facial recognition never leaves the device. From Microsoft:

The biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data, it still can't be easily converted to a form that could be recognized by the biometric sensor.

This data is protected in part by a Trusted Platform Module (TPM), which is a microchip that enables extra security through encrypted keys. Overall, you can consider your biometric data relatively safe. Even if someone were to steal the data, it would be near impossible to recreate your face or fingerprint from the information.

See the best laptops with Windows Hello support

If you're thinking this sounds a lot like Xbox's Kinect, you're not wrong. There are similarities, especially when we look at Intel's own lineup of cameras, known as RealSense. These cameras can handle 3D recognition (albeit at a much shorter range than the Kinect) and depth through a set of cameras. A group of IR dots is projected from the camera, a grid of your face is formed, and it is then analyzed by the camera. This is different from the other brand of Windows Hello facial recognition — like that found in Surface devices — which implements its own recognition through pictures with IR cameras.

What is Apple's Face ID?

Apple Face ID

In 2013, Apple bought a company called PrimeSense, which is the company that helped make the Xbox's Kinect camera. For this reason, Face ID uses similar technology, albeit in a smaller, more condensed form. Instead of a Kinect having to track an entire body moving around a living room, you have a system consisting or IR and depth cameras that only has to focus on the face.

Apple's system is called "TrueDepth," and it is similar to what Intel has created with RealSense. TrueDepth shoots out about 30,000 IR lights (minuscule dots that are unseen by the human eye) onto your face that are then picked up by the IR camera. The lights (or dots) are processed by Apple's A11 Bionic Neural Engine, which is a system separate from the main processor. A grid based on your face's 3D shape is formed, and only someone with the same grid is able to log into the iPhone.

This TrueDepth system is expected to eliminate some of the issues we've seen in the past, where you can defeat facial recognition safeguards. Apple expects Face ID will even go so far as avoiding defeat from recreated 3D models of faces. Phil Schiller, senior vice president of worldwide marketing at Apple, said in the keynote speech that Hollywood makeup artists were brought in to test whether professional 3D recreations of faces would fool FaceID. (It's interesting to note that Schiller didn't actually say whether or not Face ID was fooled by these phony faces.)

Actual masks used to test Face ID

In an article on iMore, editor Rene Ritchie answered some security concern questions, like where the Face ID data is stored. Apple sent iMore this comment on Face ID:

Face ID data never leaves the device, is encrypted and protected by the Secure Enclave.

The Secure Enclave is similar to a TPM chip in that it stores an encrypted version of your data that can't easily be cracked. Like with Windows Hello, you can expect your biometric data to remain relatively safe in your device.

Which form of facial identification is better?

Without actually testing the two technologies side by side, it's difficult to claim one technology is superior. One thing to keep in mind is that most convenient login methods — fingerprint reader, iris scanner, and facial recognition — have been beaten by people with enough time and means. Since Face ID is essentially a member of the same group, it will be interesting to see how long it takes for someone to spoof it, or if they're able to.

What we do know is how well Windows Hello's facial recognition works. We've have had plenty of time using it, both on Windows 10 and Windows 10 Mobile, and it's been proven to log in without fault far more often than not, often instantaneously. Whether it's easier to spoof than Face ID is yet to be seen, but it seems like Apple took its time studying past success stories, investing in the companies behind those success stories, and creating something secure and convenient.

An initial impression of Apple's Face ID — without actually using it — is positive. The Face ID demonstration at the keynote speech, ignoring the failed login that Apple has since explained away, was impressive. The iPhone X itself has the hardware needed to perform an in-depth scan of your face (the animated emojis showed off the tracking capabilities), and the separate Neural Engine that processes the information should allow for blazing fast logins.

Windows Hello is already available

Mouse cam for Windows Hello

Windows Hello is readily available in many laptops and phones, whether through fingerprint, facial, or iris scans. If your device doesn't have the proper hardware built in, you can always go with a third-party option to add biometric functionality.

An IR camera from Mouse (about $70) can attach to your laptop or monitor and will allow you to log into Windows with just your face. Mouse also offers a fingerprint reader (about $50) that plugs in via USB.

See our review of the Mouse IR camera and fingerprint reader

If you're looking for something with a few more features, you'll no doubt want to check out the Logitech BRIO webcam. It supports 4K resolution, HDR, and Windows Hello, all in a slim package. Sure, it costs about $200, but it's pretty much the only webcam you'll need for the foreseeable future. Check out our review for much more information.

See our review of the Logitech BRIO 4K webcam