The Samsung Galaxy S8 and S8+ come with a face recognition system. However, this system has already proven to be insecure. This means that people who you haven't authorized to use the device can unlock your phone by using a photo of your face and fooling the face recognition system to believe that you are the owner of the phone. The Galaxy S8 then just unlock the phone and give full access to that person. The thing is that nowadays it's very easy to get face images of people by just visiting their Facebook account and downloading their selfie images. We all know that selfies are very popular nowadays and many people take selfies.
This makes the face recognition unlocking system very insecure and I personally wouldn't have used it at all. It's much better to use the iris scanner or fingerprint reader option to secure your data on your phone. The fingerprint scanner is relatively very secure and this is why it is used in Samsung Pay to authorize a transaction. I remember seeing the same embarrassing issue with Android "liveness" check a few years ago.
In the video above posted by Marchanotech YouTube user, you can see how the guy who posted this video tricks the Galaxy S8 into believing that the guy in the photo is the owner of that Galaxy S8 unit. The Iris scanner is obviously much more secured and works like a fingerprint with very detailed scanning so it will be almost impossible to fake. This is why there are many companies who use iris scanning to secure important assets. Maybe the combination of the two could have provide even more secure results.
This test was done using a pre-production model from what I've read, I'm interested to see if Samsung could do something to address this issue, because if it stays like that, nobody would use this photo, at least anyone who is aware of this security issue.