About 10 years ago, I tried out a program for Windows XP that let me login and unlock the computer using my face. My mind was summarily blown, but my pragmatic, nerdy forebrain quickly regained control. This was back when webcams had VGA (640×480) resolution or less, and state of the art processors were 1.4GHz AMD Athlons. How on earth was this program detecting and accurately identifying my face in just a few seconds?

It wasn’t, of course: It was simply analyzing a few key points on my face and making an educated guess. This was borne out by the fact that my sister, who unfortunately (or fortunately, depending on your point of view) has a very similarly-shaped face to me, could unlock my computer. On two occasions my mother unlocked my computer with a printed photo of my ugly mug to find my stash of furry fandom porn. I never did find out why she unlocked it a second time, mind you. But false positives were just the beginning! There were false negatives, too — the times when my room was too dark, my camera lens too smudged or out of focus, or my makeup too thick, to make an identification.

The sad thing is, despite the intervening decade, facial recognition systems are still just as awful. The resolution of built-in webcams has improved, but it’s still just as easy to fool a system by holding up a photograph (or by wearing a prosthetic latex mask, if you prefer). In the case of Facebook and Google’s automatic face-recognition of uploaded photos, the increase in digital camera resolution has helped a lot, too, but the process itself takes an unfeasibly long time. With Ice Cream Sandwich we now even have enough processing power to squeeze facial recognition into a mobile device, but it’s slow — and don’t even try using it if you’re wearing a hat or happen to be in a poorly-lit area (which describes about 90% of the cases where you’d want to unlock your phone with your face).

The biggest deal breaker, though, is security. There is absolutely no way that facial recognition can ever be used as a biometric authenticator. You can get very close to 100% accuracy with supercomputers and high-resolution images, but network administrators need 100% certainty — and heck, such a system can still be bypassed by holding up a photo. On a smartphone, the problem is even worse: A Galaxy Nexus (or other ICS device) has no where near the resolution or processing power to accurately identify a face, and yet Google has somehow seen fit to include it. Do you know how many high-powered executives, politicians, and researchers have access to sensitive files and email through their smartphones? How much do you want to bet that some of them uses Face Unlock instead of the far-more-secure PIN Unlock method?

Another worrying trend is the facialification of social services. Facebook has been tagging the faces of your friends for a while, and now Google+ offers Find My Face. There are services like Face.com that provide an API for facial recognition, allowing third parties to police uploaded images (“is that a face or a breast?”) or websites that scour the internet for a celebrity (or the target of your creepy, stalkerish crush). All three services pose security and privacy concerns. You probably haven’t thought about this, but how do you think Google and Facebook identify faces? By storing the (very exact) details and dimensions of your face. How long will it be before that data is used for Minority Reportesque advertising?

Ultimately, though, security concerns will kowtow to coolness. Logging into a system using your face or having a computer pick a friend’s face out of a crowd is so sci-fi awesome that facial recognition is here to stay. On the positive side, our love for non-password-based logins and the proliferation of digital cameras in laptops and smartphones mean that we’re in great shape for retina and iris scanning, both of which are a lot more rugged than facial recognition. Whatever happened to fingerprint scanners on laptops, too? They would be perfect on the backside of smartphones.