I’ve always been intrigued by the idea of using facial recognition to log in to a computer. In theory, it’s the most convenient form of system security – the computer simply sees it’s you and grants access. It should be a very natural, frictionless approach.

Except that, most of the time, it’s not.

I first saw a demonstration of facial recognition from IBM in the late 1990s at Comdex, but it’s only become mainstream in the last few years. It’s common now for traditional PCs to have facial recognition, particularly notebooks with webcams built into their screens. Unfortunately, most facial recognition programs don’t work that well. I’ve yet to find a system that reliably logs me into a PC at least 90 percent of the time.

The latest version of Google’s Android software – version 4.0, or Ice Cream Sandwich – brings facial recognition to smartphones. It’s included in the Samsung Galaxy Nexus I wrote about Monday, and reviewed in my print column today. As with PC-based systems, it’s not perfect – but it’s one of the best implementations I’ve run across, at least in terms of its ability to recognize my face.

It is, however, also one of the most insecure.

As with other facial recognition systems, you must first train Android 4.0 to know what you look like. The software uses the front-facing camera to take a photo. When you turn on facial recognition unlocking, the front camera turns on and tries to match what it sees with the stored image. If there’s a match, you’re logged into the phone. If not, you can log in using a PIN or Android’s pattern-tracing screen.

The software encourages you at setup to take multiple pictures. For example, if you wear glasses, snap some setup photos without them. Grab other images in different lighting. Take some holding the phone at waist level, looking down at it, and others where you’re holding it up in front of your face. The more you take, the better it becomes at matching you under various circumstances.

I’ve trained the Galaxy Nexus to the point that it logs me in about 80 percent of the time, and when it doesn’t, I’ve snapped another setup picture at that location, holding the phone in the same position at which it failed. Once I do that, it doesn’t make that mistake again.

However, it doesn’t have to actually see the real me to provide access to the phone.

I took a picture of myself with my iPhone, and then pulled that likeness up on the screen. I aimed the iPhone image at the Galaxy Nexus’ camera, and voila! The Android phone unlocked and I was granted access. This works every time I try it.

I’m not the first to discover this. A blogger attending the November unveiling of Android 4.0 posted to YouTube a video showing a picture being used to unlock the phone.

Now, Google is quite upfront about the fact that this is not a particularly secure way to lock your phone. When you begin the setup process, a screen warns you that other ways of locking the device are more secure.

Over time, Google will improve this feature so it can’t be fooled by a picture. Facial recognition is pretty cool when it works, and if I owned this phone, I’d be very tempted to use it because it’s so handy.

But given that smartphone owners put so much of their life’s information on these devices, it’s not smart to rely on facial recognition as a locking system right now. It’s just a novelty until it’s more secure.