Your face is only authenticating you to your device because that's what you chose. If you don't want that (e.g. your identical twin sister loves pranking you) you can just use a different authenticator. The remote web site deliberately has no idea your face was involved, it just knows your identity was verified on its behalf by the hardware storing your private key.
Your face is only authenticating you to your device because that's what you chose. If you don't want that (e.g. your identical twin sister loves pranking you) you can just use a different authenticator. The remote web site deliberately has no idea your face was involved, it just knows your identity was verified on its behalf by the hardware storing your private key.