Daniel Miessler:
Imagine a similar handheld device from a superior alien race. Assuming they needed such an interface or display at all, they would simply handle their device normally and it would still allow them to perform sensitive actions.
To an unfamiliar observer it might seem like no authentication took place, like one could just pick up any device and start taking sensitive actions on their behalf. But in reality all of that functionality had just been removed from the workflow and done automatically. It’s security made invisible and effortless.
That’s what FaceID is, and why it represents such an improvement: it adds security while removing friction.
I like the analogy here. Touch ID focuses authentication on a physical act on a physical mechanism on the phone. Face ID is invisible.