Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

henrus

macrumors newbie
Original poster
Nov 24, 2003
23
5
For those with the X, have you noticed that certain websites perform a FaceID scan for no apparent reason? I understand when confronted with a login screen why it would do a scan, but I’m starting to see it even when there is no prompt for a login or even if I’ve already logged in to a site. Apple ought to enforce some sort of user confirmation before agreeing to a scan (at least with TouchID, I didn’t have to touch the home key if I didn’t want to. Though I personally dislike the double press of the power button a la Apple Pay confirmation.)

Feels like a security risk even if it isn’t one to allow any website to perform a scan.
 
Last edited:

henrus

macrumors newbie
Original poster
Nov 24, 2003
23
5
No, this happens on sites I’ve never been to before. Even if it’s legit, there ought to be some sort of request or confirmation before the scan. Perhaps these are tracking cookies?
 

mcarthon

macrumors 6502
Jun 18, 2010
273
65
No, this happens on sites I’ve never been to before. Even if it’s legit, there ought to be some sort of request or confirmation before the scan. Perhaps these are tracking cookies?


Never seen this happen only when I try to access my private info on a site will it pop up or whne logging in of course
 

iapplelove

Suspended
Nov 22, 2011
5,324
7,638
East Coast USA
I notice Face ID comes up when I sign in using Keychain.

Never did this with Touch ID and my iPad Air doesn’t ask for my passcode on the same sites.
 

henrus

macrumors newbie
Original poster
Nov 24, 2003
23
5
You mean Face ID right? Because i’m Witnessing this too

Yes, sorry. FaceID. Will fix it. Thx
[doublepost=1512746573][/doublepost]
Never seen this happen only when I try to access my private info on a site will it pop up or whne logging in of course

I just went to chess.com, a site I’ve never been to before when I clicked on a DaringFireball article link from Feedly (an RSS reader app), and bam...FaceID scan with no explanation or post scan anything before the page rendered. Weird.
 

MarkB786

macrumors 6502a
Sep 20, 2016
755
1,304
USA
Yes, sorry. FaceID. Will fix it. Thx
[doublepost=1512746573][/doublepost]

I just went to chess.com, a site I’ve never been to before when I clicked on a DaringFireball article link from Feedly (an RSS reader app), and bam...FaceID scan with no explanation or post scan anything before the page rendered. Weird.

What happens if you keep Face ID from recognizing you? Does the page still render?
 

henrus

macrumors newbie
Original poster
Nov 24, 2003
23
5
What happens if you keep Face ID from recognizing you? Does the page still render?

That's the problem. The scan comes quickly, and the way to cancel it would be to close your eyes, but it finishes before you have time to react and do that.
 

tkukoc

Cancelled
Sep 16, 2014
1,533
1,915
If the page you are viewing has any sort of login or email sign up sections Face ID checks against your stored passwords/logins looking for a match. If it's your first time on the site, it isn't going to find anything and will go away. If it does find a match or close to match it may enter it into the field. That's how Face ID works in Safari.
 

garrym13

macrumors member
Jun 22, 2012
47
22
Yes, sorry. FaceID. Will fix it. Thx
[doublepost=1512746573][/doublepost]

I just went to chess.com, a site I’ve never been to before when I clicked on a DaringFireball article link from Feedly (an RSS reader app), and bam...FaceID scan with no explanation or post scan anything before the page rendered. Weird.

I just went to chess.com and it did not happen for me. Even when I clicked the login button.
 
  • Like
Reactions: vddobrev

Brookzy

macrumors 601
May 30, 2010
4,985
5,577
UK
Yes! This happens for me all the time on the Royal Mail tracking website. Try it: https://www.royalmail.com/track-your-item

Something must be coded as a password field in the website when there isn't actually a password, which is triggering Face ID.

When it first happened I excitedly thought that maybe somehow Face ID was an alternative to Captcha verification. Disappointingly, this is not the case. :(
 

IHelpId10t5

macrumors 6502
Nov 28, 2014
486
348
If I had to guess, it's not likely the websites directly that are causing the checks but instead is some social media tracking code or Google Analytics that is in use and is checking for potential logins on seemingly unrelated websites.
[doublepost=1512787170][/doublepost]Maybe someone with an iPhone X should install a good content blocker in Safari (like Purify) and test to see if that prevents these unwanted Face ID prompts.
 
  • Like
Reactions: Brookzy

mavis

macrumors 601
Jul 30, 2007
4,771
1,541
Tokyo, Japan
Try disabling FaceID for Safari Autofill.
 

Attachments

  • 6A1B0952-FE66-4BD0-902A-6078B3246D90.png
    6A1B0952-FE66-4BD0-902A-6078B3246D90.png
    551.7 KB · Views: 500

garrym13

macrumors member
Jun 22, 2012
47
22
Yes! This happens for me all the time on the Royal Mail tracking website. Try it: https://www.royalmail.com/track-your-item

Something must be coded as a password field in the website when there isn't actually a password, which is triggering Face ID.

When it first happened I excitedly thought that maybe somehow Face ID was an alternative to Captcha verification. Disappointingly, this is not the case. :(
I could not replicate it here also.
[doublepost=1512796383][/doublepost]
It’s actually happening to me every time I open Macrumors.
It must be a setting. I cannot get it to work on MacRumors either.
 

andy9l

macrumors 68000
Aug 31, 2009
1,699
365
England, UK
If I had to guess, it's not likely the websites directly that are causing the checks but instead is some social media tracking code or Google Analytics that is in use and is checking for potential logins on seemingly unrelated websites.

No, this happens on sites I’ve never been to before. Even if it’s legit, there ought to be some sort of request or confirmation before the scan. Perhaps these are tracking cookies?

From someone who works in ‘tracking’ (or rather, analytics) - I can assure you this is not what is causing Face ID to pop up.

‘Login via Facebook’ and ‘Sign up via Google’ functionalities will trigger it though.
 

lupinglade

macrumors 6502
Oct 31, 2010
273
243
None of the scanned info is sent to the web site anyway. It’s just doing it locally to unlock keychain to fill password info.
 

pika2000

Suspended
Jun 22, 2007
5,587
4,903
This is interesting. I think people should report this to Apple, in case there's some malicious 3rd party tracker.
 

BugeyeSTI

macrumors 604
Aug 19, 2017
7,244
9,089
Arizona/Illinois
It’s used for saved passwords. It does it evertime I go to any website that I haven’t been to before. If you don’t let the faceid scan your face your login data isn’t auto filled. I played with it a bunch last night. If you clear your Safari history and data you can get it to do it consistently when you open the browser and go to a website for the first time. If you don’t have Safari autofill enabled in faceid & passcode it doesn’t scan you anymore.
 

Brookzy

macrumors 601
May 30, 2010
4,985
5,577
UK
It’s used for saved passwords. It does it evertime I go to any website that I haven’t been to before. If you don’t let the faceid scan your face your login data isn’t auto filled. I played with it a bunch last night. If you clear your Safari history and data you can get it to do it consistently when you open the browser and first go to a website. If you don’t have Safari autofill enabled in faceid & passcode it doesn’t scan you anymore.
This thread is regarding Face ID requests when there is apparently no password field on the page.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.