The Galaxy S8 is one of the most stunning phones we’ve ever laid eyes on, but there’s one design element we can’t quite wrap our heads around. Instead of centering the fingerprint sensor on the back like so many other phone makers have done, Samsung has placed it next to the camera, virtually assuring that most people will use one of the other myriad ways to unlock.
But the one people are most likely to use is also one of the least secure. Instead of a pattern or a passcode, you can set up your Galaxy S8 to unlock as soon as it sees your face (since you’re likely to be looking at it anyway). It utilizes the front camera to study the proportions of your face and when it recognizes it’s you, it’ll unlock. Think of it like taking a selfie that only your phone will see.
However, it’s not the most fool-proof method. Where fingerprint scanning and iris scanning are unique and virtually unspoofable without access to important parts of your body, face recognition is a decidedly lower-tech solution, scanning images rather than biometrics. It’s convenient for sure—and in my brief testing was very fast—but it might not be all that safe. A video from iDeviceHelp on YouTube shows just how unsecure it could be, demonstrating how a photo on a separate phone can trick the system into unlocking.
Face unlock isn’t new, and neither are the concerns about security. It’s been a feature on Android for several versions, and many phones already quietly support it. However, with Samsung promoting the feature as one of the Galaxy S8 selling points, you’d think they would have developed a safer, more secure system, but it appears that isn’t the case. And even Samsung seems to recognize that fact, since it doesn’t allow face recognition as one of the Samsung Pay authenticators.
It's unclear whether Samsung has baked any additional security measures into the face unlock feature. On Android, for example, the method becomes unavailable if the users has configured an Exchange account on their phone.
Face the music: When you get your Galaxy S8 in April, you might want to think twice about activating face recognition as your preferred method of unlocking. Every other way is bound to be more secure, but for ultimate protection against prying eyes, go for the iris scanning or the good-fashioned fingerprint sensor, however poorly placed it may be. The Galaxy S8 is currently available for preorder but isn’t shipping for another three weeks, so it’s possible that Samsung is still working on a more secure solution. Most likely it's something we’ll try out but ultimately turn off.