Facial recognition can be used to determine whether or not a user has access privileges to a device such as a smartphone. It may be possible to spoof an authenticated user's image using a picture of the user. Implementations disclosed herein utilize time of flight and/or reflectivity measurements of an authenticated user to compare to such values obtained for an image of an object. If the time of flight distance and/or reflectivity distance for the object match a measured distance, then the person (i.e., object) may be granted access to the device.