MARCIANOTECH uploaded a video showing a Samsung Galaxy S8 unlock using a photo of himself. Google introduced the Face Unlock feature in Android 4.0 and is aware that photos can unlock the screen. The feature is a convenience, not a security enhancement.
In a statement to Ars Technica Samsung Electronics Ltd. ( KS:005930) spokesperson provided the following:
The Galaxy S8 provides various levels of biometric authentication, with the highest level of authentication from the iris scanner and fingerprint reader. In addition, the Galaxy S8 provides users with multiple options to unlock their phones through both biometric security options, and convenient options such as swipe and facial recognition. It is important to reiterate that facial recognition, while convenient, can only be used for opening your Galaxy S8 and currently cannot be used to authenticate access to Samsung Pay or Secure Folder.
This is a reminder that businesses should consider the convenience vs. security tradeoff. A fingerprint is more secure, but may introduce other security issues. Government agents can compel you or your employees to unlock a phone using a fingerprint or an iris scan. A PIN is the best choice if confidentiality of your company data is the highest priority.