§ Security
How Face ID Actually Protects Your Data (Secure Enclave Deep-Dive)
How does Face ID work security-wise: the Secure Enclave, the TrueDepth array, the 1-in-1,000,000 false-acceptance math, and the threats Face ID does and does not cover.
Quick answer: How does Face ID work security-wise: a dedicated coprocessor called the Secure Enclave projects ~30,000 infrared dots, computes a depth map of your face, compares it to a math template stored only inside the Enclave, and if it matches, releases the keys that decrypt your phone. The biometric template never leaves the chip. Apple claims a 1-in-1,000,000 false acceptance rate. The cipher under it is AES-256; Face ID just gates the key.
What the Secure Enclave actually is
Every iPhone since the 5s ships with a small additional processor — the Secure Enclave — etched into the same silicon as the main CPU but functionally isolated. It runs its own minimal operating system (sepOS), has its own encrypted memory pool, and communicates with iOS only through a tightly defined message protocol. The threat model Apple designs against: an attacker has fully owned the iOS kernel, can read all of RAM, can install anything. Even then, the Secure Enclave should refuse to release your keys without a valid biometric or passcode.
What lives inside the Secure Enclave: the mathematical templates of your face and fingerprints, the file-system encryption keys, the keys for Apple Pay, the credentials for passkeys, and the keybag that wraps your app data keys. What does not: any of your actual data. The Enclave is the vault for the keys that protect the data. The data itself lives on flash, encrypted, and the Enclave only unwraps the key when the right biometric or passcode unlocks it.
The Face ID math
The TrueDepth array at the top of the iPhone has four relevant components: a flood illuminator (continuous IR light to see in the dark), a dot projector (projects ~30,000 IR dots in a known pattern), an IR camera (reads the dots), and a regular RGB camera. The dots hit your face and the IR camera reads the displacement of each dot from where it would land on a flat surface. That displacement field is the depth map.
The depth map plus a 2D IR image get fed into a neural network — trained originally on a billion images, hardened against masks and adversarial inputs — which produces a mathematical representation of your face. That representation gets compared (also inside the Secure Enclave) against the enrolled template. If the match score crosses a threshold, the Enclave signals “authenticated” for one cryptographic operation. Then it forgets you, until the next unlock.
Apple's published numbers: 1-in-1,000,000 false acceptance rate for the general population (versus 1-in-50,000 for Touch ID). The number degrades for identical twins, very young children whose facial features are still developing, and siblings under 13. The system requires re-authentication with the passcode after 48 hours, after five failed Face ID attempts, after restart, or when triggered by the SOS shortcut.
How Face ID gates your encryption keys
A common misunderstanding: Face ID does not “encrypt” anything. The encryption is done by AES-256, with keys derived in part from your passcode and a hardware UID baked into the Secure Enclave at manufacture. Face ID gates release of those keys.
The flow when you unlock your phone:
- You glance at the iPhone. TrueDepth projects dots, IR camera reads them.
- The data goes straight into the Secure Enclave — never touches iOS or RAM accessible to apps.
- The Enclave's neural net produces a candidate template; matched against the stored one.
- On match, the Enclave unwraps the file-system key from the keybag.
- iOS gets the unwrapped key for the duration needed, then it expires from RAM.
- For per-app secrets (like a notes app's master key), the same flow can happen on demand — the app asks the OS for a Keychain entry protected by
biometryCurrentSet, and the OS asks the Enclave to release it after a fresh Face ID check.
For an encrypted notes app on iOS, this means: your master password derives an AES-256 key. A copy of that key gets stored in the Keychain, wrapped by the Secure Enclave, gated by Face ID. Subsequent unlocks use Face ID to release the wrapped key — convenience. Lose biometric access, fall back to the master password. Lose both, fall back to the 12-word recovery seed. Each layer gates the same cipher; none of them are the cipher.
What Face ID can't protect against
Face ID is excellent against the threats it was designed for and mediocre against everything else. Honest list:
- Coerced unlock. Someone holds your phone up to your face. Without triggering the SOS shortcut first, your face authenticates. A passcode you can refuse to give up. A biometric you cannot.
- Sleeping or unconscious users. If attention detection is off, your closed-eyed face still unlocks. Keep attention detection on.
- Identical twins. Apple says so explicitly. Face ID cannot reliably distinguish identical twins. Use the passcode if this is a real threat.
- Post-restart “Before First Unlock” state. After every reboot, the device requires the passcode. The keys are wrapped at the highest protection class and even law enforcement forensic tools have a much harder job against a BFU iPhone. Restart your phone before crossing a border.
- Shoulder surfing. Once decrypted, content is on the screen. Face ID does nothing about a camera over your shoulder or the person sitting next to you on the train.
The practical posture: use Face ID for convenience on top of a strong passcode and a well-designed Face ID-gated notes setup. Know the SOS shortcut — squeeze the side button and a volume button for two seconds, the iPhone forces passcode-only on the next unlock. Restart your phone before high-risk crossings. Keep notes locked behind their own per-folder passwords so even if the phone unlocks, the notes do not.
Frequently asked: Face ID security
Can Face ID be fooled by a photo?
No. Face ID uses the TrueDepth camera to project ~30,000 infrared dots and read the depth map they create — a 2D photo has no depth and gets rejected instantly. Even high-quality masks have been defeated only in lab conditions with the user's exact face geometry. Apple cites a 1-in-1,000,000 false acceptance rate for the general population, versus 1-in-50,000 for Touch ID.
Where is the Face ID data stored?
Inside the Secure Enclave — a dedicated coprocessor on the A-series and M-series chips with its own memory and OS, isolated from the main application processor. The mathematical representation of your face never leaves the Secure Enclave. It is not synced to iCloud, not backed up, and not accessible to Apple, the apps you install, or any debugger.
Can someone unlock my phone while I'm asleep?
Face ID requires attention detection by default — the system checks for open eyes looking at the phone. With attention detection on (the default), a sleeping face will not unlock the device. If you disabled attention detection in Settings → Face ID & Passcode → Require Attention for Face ID, then yes, someone could hold the phone in front of your closed-eyed face and unlock it. Leave attention on.
What is the Secure Enclave?
A dedicated security coprocessor present on every iPhone since the iPhone 5s. It runs its own OS (sepOS) on its own hardware separate from the main CPU, with its own encrypted memory. The Secure Enclave handles biometric template storage, cryptographic key generation and storage, secure boot verification, and Apple Pay tokenization. Even if the iOS kernel were fully compromised, the Secure Enclave would remain isolated.
Is Face ID more secure than a passcode?
It depends on the attacker. Against an opportunist with no access to you personally, Face ID's 1-in-1,000,000 false acceptance is harder to beat than a 6-digit passcode's 1-in-1,000,000 brute-force odds. Against a coercive attacker — police, partner, mugger — a passcode is harder to forcibly extract. Best practice: use both. Face ID for convenience, a long alphanumeric passcode as the fallback you can refuse to give up.
Can police force me to unlock with Face ID?
In the United States, recent court rulings have split — some have held Face ID is a non-testimonial act (like a fingerprint) that police can compel, while a passcode is testimonial and Fifth Amendment-protected. To be safe in a high-risk situation, hold the side button and either volume button for two seconds to trigger 'biometric lockout' — the phone will require the passcode on next unlock. This is the SOS shortcut.