"Now that the FBI and other law enforcement agencies have started forcing suspects to unlock their iPhones with Face ID, a forensics company is warning authorities that they would be well advised not to look at Face ID-equipped iPhones. The reason? An iPhone X device, after a number of unsuccessful face scans, can only be unlocked via a passcode. This is a key distinction because a number of courts have ruled that requiring a suspect to tell authorities his passcode constitutes a violation of the 5th amendment. In contrast, having a suspect simply look at his device to unlock is perfectly fine.
"Originally brought to light by Motherboard, Elcomsoft — a forensics firm based out of Moscow — recently delivered a presentation highlighting how authorities can inadvertently force an iPhone X or XS to disable Face ID and subsequently require a passcode.
"In a slide obtained by Motherboard, Elcomsoft warns: “don’t look at the screen, or else… the same thing will occur as happened on Apple’s event.”
[end of partial quote]
If merely having a photograph of a face was sufficient to unlock the phone. , that would clearly be an inadequate security measure. Perhaps an additional security practice would be to have the phone 'learn' the face with some easy modification present, like the tongue stuck out, the tongue aimed up (or down) over the lip, or one lip over the other. Or, maybe with eyes crossed. Future phones should probably have two cameras, so that a face would be seen in stereo.