No, our anti-spoofing models detect these kind of attacks and block such authentication sessions.
How does Entry work?
Let's check high-level architecture diagram of Entry, focusing on the main concerns from the security and privacy perspective
FaceDB: safe storage of personal sensitive data eliminates the risk of data leaks.
User Management: user data (including PII) and user biometrics are separated.
Clients and integrations: communications are encrypted and verified, all enterprise clients are compartmentalised.
What data is shared with connected apps?
In majority of cases it is something simple - user id, email, name. User's biometrics never leave the vault at the back-end.
How secure is Entry?
Even having full access to all databases does not allow a hacker to examine or steal someone else's biometric identity. One of the main privacy-preserving features is that you cannot trace individual biometric records to a particular person outside just by looking at the data. There are no credentials in the usual sense of the word, so there is nothing to steal from the DB that would potentially have value. The user management part stores external IDs that are meaningless by themselves β they merely provide the connection between customers and their hashed identification results.
What is the difference with Apple's Face ID?
There are plenty of them and while looking similar on the front underneath it is very different. First of all we do not use any special hardware, only webcam. Second is that face recognition is performed on the server. Third - it works on Android devices. You can read more about Entry tech [here](https://getxix.com/blog/how-xix-entry-changes-the-way-we-authenticate)
Is it possible to see Entry in action without registration?
Sure, e.g. here is how we use it to authenticate into our gSuite