Face ID, Touch ID, passcodes, and passwords
To use Face ID or Touch ID, the user must set up their device so that a passcode or password is required to unlock it. When Face ID or Touch ID detects a successful match, the user’s device unlocks without asking for the device passcode or password. This makes using a longer, more complex passcode or password far more practical because the user doesn’t need to enter it as frequently. Face ID and Touch ID don’t replace the user’s passcode or password; instead, they provide easy access to the device within thoughtful boundaries and time constraints. This is important because a strong passcode or password forms the foundation for how a user’s iPhone, iPad, Mac, or Apple Watch cryptographically protects that user’s data.
When a device passcode or password is required
Users can use their passcode or password anytime instead of Face ID or Touch ID, but there are situations where biometrics aren’t permitted. The following security-sensitive operations always require entry of a passcode or password:
Updating the software
Erasing the device
Viewing or changing passcode settings
Installing configuration profiles
Unlocking the Security & Privacy pane in System Preferences on Mac
Unlocking the Users & Groups pane in System Preferences on Mac (if FileVault is turned on)
A passcode or password is also required if the device is in any of the following states:
The device has just been turned on or restarted.
The user has logged out of their Mac account (or hasn’t yet logged in).
The user hasn’t unlocked their device for more than 48 hours.
The user hasn’t used their passcode or password to unlock their device for 156 hours (six and a half days), and the user hasn’t used a biometric to unlock their device in 4 hours.
The device has received a remote lock command.
The user exited power off/Emergency SOS by pressing and holding either volume button and the Sleep/Wake button simultaneously for 2 seconds and then pressing Cancel.
There were five unsuccessful biometric match attempts (though for usability, the device might offer entering a passcode or password instead of using biometrics after a smaller number of failures).
When Face ID with a mask is enabled on an iPhone, it’s available for the next 6.5 hours after one of the following user actions:
Successful Face ID match attempt (with or without a mask)
Device passcode validation
Device unlock with Apple Watch
Any of these actions extends the period an additional 6.5 hours when performed.
When Face ID or Touch ID is enabled on an iPhone or iPad, the device immediately locks when the Sleep/Wake button is pressed, and the device locks every time it goes to sleep. Face ID and Touch ID require a successful match—or optionally use of the passcode—at every wake.
The probability that a random person in the population could unlock a user’s iPhone or iPad is less than 1 in 1,000,000 with Face ID—including when Face ID with a mask is turned on. For a user’s iPhone, iPad, Mac models with Touch ID and those paired with a Magic Keyboard, it’s less than 1 in 50,000. This probability increases with multiple enrolled fingerprints (up to 1 in 10,000 with five fingerprints) or appearances (up to 1 in 500,000 with two appearances). For additional protection, both Face ID and Touch ID allow only five unsuccessful match attempts before a passcode or password is required to obtain access to the user’s device or account. With Face ID, the probability of a false match is higher for:
Twins and siblings who look like the user
Children under the age of 13 (because their distinct facial features may not have fully developed)
The probability is further increased in these two cases when Face ID with a mask is used. If a user is concerned about a false match, Apple recommends using a passcode to authenticate.