What’s up with Face ID timeouts?

The Loop posted a great summary of Apple’s Face ID security whitepaper.

Two points about how the timeout works really baffled me. Face ID is disabled when:

  • The device hasn’t been unlocked for more than 48 hours.
  • The passcode hasn’t been used to unlock the device in the last 156 hours (six and a half days) and Face ID has not unlocked the device in the last 4 hours.

If the phone hasn’t been unlocked for 48hrs, it’s a good assumption that the phone has been lost or stolen. But why bother disabling Face ID? Is Apple nervous about it’s real-world effectiveness? Nervous that a thief may be able to unlock the phone with their face?

The second timeout seems more arbitrary. Why 156 hours? If I generally only use my phone once every 4hrs 5mins, then after 6.5days I will have to re-authenticate with my passcode? Why? It seems completely arbitrary.

Any smarter security minds out there have any thoughts?

Moderate success

Why aren’t there any blog posts about people who run a moderately successful side business? They’re never mega-successful, just pad bank accounts, help pay off debts, save for the future, take their families on vacations, whatever?

It seems a lot more attainable than the seemingly random stories of “The man who built a $1 billion firm in his basement“, etc.

Seriously, I wouldn’t mind some insight on that sort of thing.