iPhone X Random FaceID checks from websites?

[henrus]

For those with the X, have you noticed that certain websites perform a FaceID scan for no apparent reason? I understand when confronted with a login screen why it would do a scan, but I’m starting to see it even when there is no prompt for a login or even if I’ve already logged in to a site. Apple ought to enforce some sort of user confirmation before agreeing to a scan (at least with TouchID, I didn’t have to touch the home key if I didn’t want to. Though I personally dislike the double press of the power button a la Apple Pay confirmation.)

Feels like a security risk even if it isn’t one to allow any website to perform a scan.

 

[upandown]

It happens when you have an account saved on the website. Its pre-verifying. I actually like it

 

[henrus]

No, this happens on sites I’ve never been to before. Even if it’s legit, there ought to be some sort of request or confirmation before the scan. Perhaps these are tracking cookies?

 

[mcarthon]

No, this happens on sites I’ve never been to before. Even if it’s legit, there ought to be some sort of request or confirmation before the scan. Perhaps these are tracking cookies?

Never seen this happen only when I try to access my private info on a site will it pop up or whne logging in of course

 

[mskx4]

You mean Face ID right? Because i’m Witnessing this too

 

[iapplelove]

I notice Face ID comes up when I sign in using Keychain.

Never did this with Touch ID and my iPad Air doesn’t ask for my passcode on the same sites.

 

[Givmeabrek]

I've seen it pop up on random websites??

 

[henrus]

You mean Face ID right? Because i’m Witnessing this too

Yes, sorry. FaceID. Will fix it. Thx
[doublepost=1512746573][/doublepost]

Never seen this happen only when I try to access my private info on a site will it pop up or whne logging in of course

I just went to chess.com, a site I’ve never been to before when I clicked on a DaringFireball article link from Feedly (an RSS reader app), and bam...FaceID scan with no explanation or post scan anything before the page rendered. Weird.

 

[MarkB786]

Yes, sorry. FaceID. Will fix it. Thx
[doublepost=1512746573][/doublepost]

I just went to chess.com, a site I’ve never been to before when I clicked on a DaringFireball article link from Feedly (an RSS reader app), and bam...FaceID scan with no explanation or post scan anything before the page rendered. Weird.

What happens if you keep Face ID from recognizing you? Does the page still render?

 

[henrus]

What happens if you keep Face ID from recognizing you? Does the page still render?

That's the problem. The scan comes quickly, and the way to cancel it would be to close your eyes, but it finishes before you have time to react and do that.

 

[tkukoc]

If the page you are viewing has any sort of login or email sign up sections Face ID checks against your stored passwords/logins looking for a match. If it's your first time on the site, it isn't going to find anything and will go away. If it does find a match or close to match it may enter it into the field. That's how Face ID works in Safari.

 

[Zaft]

So far I have only had websites with known accounts ask for Face ID.

 

[C DM]

I've seen it pop up on random websites??

Is that a statement or a question?

 

[garrym13]

Yes, sorry. FaceID. Will fix it. Thx
[doublepost=1512746573][/doublepost]

I just went to chess.com, a site I’ve never been to before when I clicked on a DaringFireball article link from Feedly (an RSS reader app), and bam...FaceID scan with no explanation or post scan anything before the page rendered. Weird.

I just went to chess.com and it did not happen for me. Even when I clicked the login button.

 

[Brookzy]

Yes! This happens for me all the time on the Royal Mail tracking website. Try it: https://www.royalmail.com/track-your-item

Something must be coded as a password field in the website when there isn't actually a password, which is triggering Face ID.

When it first happened I excitedly thought that maybe somehow Face ID was an alternative to Captcha verification. Disappointingly, this is not the case.

 

[IHelpId10t5]

If I had to guess, it's not likely the websites directly that are causing the checks but instead is some social media tracking code or Google Analytics that is in use and is checking for potential logins on seemingly unrelated websites.
[doublepost=1512787170][/doublepost]Maybe someone with an iPhone X should install a good content blocker in Safari (like Purify) and test to see if that prevents these unwanted Face ID prompts.

 

[mrmike316]

It’s actually happening to me every time I open Macrumors.

 

[mavis]

Try disabling FaceID for Safari Autofill.

 

[garrym13]

Yes! This happens for me all the time on the Royal Mail tracking website. Try it: https://www.royalmail.com/track-your-item

Something must be coded as a password field in the website when there isn't actually a password, which is triggering Face ID.

When it first happened I excitedly thought that maybe somehow Face ID was an alternative to Captcha verification. Disappointingly, this is not the case.

I could not replicate it here also.
[doublepost=1512796383][/doublepost]

It’s actually happening to me every time I open Macrumors.

It must be a setting. I cannot get it to work on MacRumors either.

 

[andy9l]

If I had to guess, it's not likely the websites directly that are causing the checks but instead is some social media tracking code or Google Analytics that is in use and is checking for potential logins on seemingly unrelated websites.

No, this happens on sites I’ve never been to before. Even if it’s legit, there ought to be some sort of request or confirmation before the scan. Perhaps these are tracking cookies?

From someone who works in ‘tracking’ (or rather, analytics) - I can assure you this is not what is causing Face ID to pop up.

‘Login via Facebook’ and ‘Sign up via Google’ functionalities will trigger it though.

 

[lupinglade]

None of the scanned info is sent to the web site anyway. It’s just doing it locally to unlock keychain to fill password info.

 

[henrus]

This may be a clue. Invisible login forms implemented by 3rd party trackers: https://freedom-to-tinker.com/2017/...-web-trackers-exploit-browser-login-managers/

 

[pika2000]

This is interesting. I think people should report this to Apple, in case there's some malicious 3rd party tracker.

 

[BugeyeSTI]

It’s used for saved passwords. It does it evertime I go to any website that I haven’t been to before. If you don’t let the faceid scan your face your login data isn’t auto filled. I played with it a bunch last night. If you clear your Safari history and data you can get it to do it consistently when you open the browser and go to a website for the first time. If you don’t have Safari autofill enabled in faceid & passcode it doesn’t scan you anymore.

 

[Brookzy]

It’s used for saved passwords. It does it evertime I go to any website that I haven’t been to before. If you don’t let the faceid scan your face your login data isn’t auto filled. I played with it a bunch last night. If you clear your Safari history and data you can get it to do it consistently when you open the browser and first go to a website. If you don’t have Safari autofill enabled in faceid & passcode it doesn’t scan you anymore.

This thread is regarding Face ID requests when there is apparently no password field on the page.