Our latest YAKSS session explored how a simple, real-life observation can evolve into a fully functional product. Titled “Your Face Is the Key: Rethinking Access Control,” the session was led by our Software Engineer Slavcho Karafilovski, who presented a compelling case study on building a Face ID-based access control system using .NET 8.
What started as noticing an everyday inefficiency quickly turned into a business-oriented solution designed to simplify access management for both companies and their customers. The result is a web-connected system integrated with real hardware, transforming how access control is handled in practice.
The Problem with Traditional Access Control
Slavcho opened the session by breaking down the limitations of conventional systems. From shared credentials like cards, QR codes and PINs to the lack of accountability in tracking changes, existing solutions often fail to verify true identity.
He highlighted how these gaps can lead to significant revenue leakage, especially in subscription-based businesses. Without proper tracking or control, even small monthly losses per user can scale into thousands annually. Beyond financial impact, the absence of a clear audit trail creates operational blind spots and reduces overall system trust.
A Smarter Approach with Face ID
The proposed solution replaces traditional credentials with biometric authentication. By leveraging Face ID technology, access becomes personal and non-transferable.
The system works through a seamless flow: a user approaches the device, their face is scanned, membership is validated and access is granted—all within seconds. Behind this simple interaction is a robust platform that combines hardware and software into a unified ecosystem.
Key elements include:
- Biometric authentication that cannot be shared
- Full event logging for every action
- RFID fallback for edge cases
- A complete management platform for operations
System Architecture and Integration
Slavcho walked the team through the architecture, showcasing a thoughtfully designed system built with .NET 8 and structured using Clean Architecture and the Repository Pattern.
The application integrates directly with Face ID hardware devices, where biometric data is processed locally. This ensures that sensitive data never leaves the device, while the application handles membership validation, access control and system logic.
Additional components such as encrypted API communication, licensing validation, automated backups and anomaly detection contribute to a reliable and secure infrastructure. The modular design also allows easy scaling and device configuration without system downtime.
Security and Real-World Trade-Offs
A central theme of the session was security. Slavcho emphasized that biometric data remains on the hardware, while the application stores only essential metadata. Combined with encrypted communication and role-based access control, the system ensures confidentiality, integrity and availability.
He also addressed real-world challenges, including hardware dependency, lighting conditions and network reliability. Rather than avoiding these constraints, the system is designed with practical mitigations such as IR cameras, local fallbacks and modular configurations.
From Concept to Business Impact
One of the most impactful parts of the session was the comparison between systems with and without biometric access. By eliminating credential sharing and introducing full traceability, the solution not only improves security but also drives measurable business results.
For subscription-based businesses, this can mean eliminating losses and achieving significant growth within months of implementation. The addition of detailed logs and role-based permissions also brings a new level of accountability and operational clarity.
Looking Ahead
Slavcho concluded with a forward-looking roadmap that includes cross-platform support with .NET MAUI, a web-based management portal, mobile applications for users and advanced AI analytics for usage predictions.
These next steps position the system not just as an access control tool, but as a scalable digital product with real business value.
Key Takeaways
The session reinforced a clear message: rethinking everyday problems through an engineering lens can lead to powerful, real-world solutions. By combining biometric technology, solid architecture and practical design decisions, this project demonstrates how modern access control can be both secure and user-friendly.
Thank you, Slavcho, for an engaging and insightful session that showed how innovation often starts with simply asking, “Can this be done better?” Another inspiring YAKSS talk that turned a practical challenge into a meaningful solution, and we’re already looking forward to the next one.
