How Does Facial Recognition Work and Is It Secure?

Okta's cloud-based authentication gives users high-assurance with simple-to-use factors like biometrics and push notifications.

Facial recognition software compares two images that include a person's face. One is relatively recent, and the other resides within a database. Algorithms attempt to make a "match" between the two. When it’s successful, face recognition software could determine a person's identity from a photo.

What is facial recognition technology?

Facial recognition software uses a database filled with images, an algorithm to compare two items, and user inputs to confirm or deny matches. The goal is to link an image taken with an identity of a person. 

Facial recognition software typically relies on three steps:

  • Capture: A camera collects your image. Sometimes you initiate the photo (by looking into your phone's camera, for example), but your photo could be taken without your knowledge.  
  • Modification: Face recognition software measures the width of your eyes, the relation of your eyes to your mouth, and other core features. All of that information is transformed into a digital signature.  
  • Search: Your digital signature is compared to thousands of data points within the algorithm. If the system already knows you, a match is made. The system may also deliver several potential matches, ranked by probability. 

Here's an example of how facial recognition could be used. 

Police were looking for a man wanted in connection with a child abuse case. They had an image of the person, but they didn't know where he was at the moment. A company with a database of 3 billion images stepped in to help. They uncovered a photograph showing the man standing deep in the background. His image was tiny (about half the width of a fingernail). But it was enough for a positive identification. 

Industries that use facial recognition software

We often associate facial recognition software with law enforcement. Police officers use it to spot and apprehend suspects, and photos provide a valid avenue for arrests. But your image could be used in many other ways.

These are other industries that also use facial recognition:

  • Healthcare: Hospitals and clinics could use your image to help you check in or check out of care. You'll get the treatments you need with less paperwork. But some health systems are also experimenting with facial recognition to spot their clients doing unsafe things, such as smoking or skipping their medication doses.  
  • Marketing: Some membership-based organizations, such as gyms, use facial recognition to distinguish frequent users from lapsed customers.  
  • Online security: Your phone may unlock after you peer into the camera, and it may remain locked if a thief tries the same technique. Some databases work in the same manner.  
  • Physical security: Your company may have a photographic database of all authorized personnel. If someone unusual appears in an image, the system alerts the staff.  
  • Social media: Companies like Facebook allow users to "tag" their friends in photos. The information could be used to tailor online experiences based on where the person likes to go and whom the person is seen with.  
  • Travel: Your mugshot could place you on a no-fly list. If you attempt to board an airplane, the authorities will know. 

As facial recognition software grows more ubiquitous, this industry list may grow.

Face recognition drawbacks

Facial recognition could keep unauthorized or criminal activity in check. But it's not a perfect form of security. 

The software relies on a database of images, and it's only as accurate as the data it's fed. If the dataset includes mostly white, male people, the system will struggle to correctly identify women and minorities. This could lead to false-positive identifications and unfair arrests. 

The system could also violate your privacy. Most of us expect a degree of anonymity when we're moving through our daily lives. If a system is always photographing us and keeping track of where we go, that could be seen as a violation of trust.

Opting out of facial recognition

You can't trademark your face and keep companies from photographing you. But there are steps you can take if you're concerned about privacy.

Try these three steps:

  1. Opt out when you can. Don't allow Facebook to automatically tag your photos. Don't allow Google to do the same. If you're given the chance to keep your face out of a database, take advantage.  
  2. Pay attention at the voting booth. Some local legislators are fighting back against surveillance, and they're not allowing the technology to creep into everyday life. If you agree with this stance, find a candidate who supports privacy protections.  
  3. Safeguard your privacy. Ensure that your system security protects you from intrusion. Don't allow people to dig into photos you'd like to keep private.

Facial recognition does have some benefits. For example, at Okta, we help customers deploy multi-factor authentication. Sometimes, that means we advise them to ask their employees to show their faces before they can access sensitive information. Follow the steps we've outlined above to keep your face safe. 


What if Facial Recognition Technology Were in Everyone's Hands? (August 2021). Slate. 

Facial Recognition Is Everywhere. Here's What We Can Do About It. (July 2020). The New York Times. 

Why Ubiquitous Facial Recognition Tech Is a Game Changer. (August 2018). TechRepublic. 

As Facial Recognition Software Becomes More Ubiquitous, Some Governments Slam On the Brakes. (September 2019). ABA Journal.