Apple is pushing Face ID as a next-generation security feature on the iPhone X, which drops the fingerprint reader. Face ID's claimed adaptive technology, which is meant to handle changes in your own appearance over time, may have a somewhat fundamental flaw in its operation.
When a person who looks like you attempts to unlock your phone using Face ID and fails, entering the password to unlock the phone manually will update the stored facial recognition data. This makes it very easy for a family member to grab your phone, look at it, and then hand it over for you to type in the password after Face ID has failed to find a match. Reddit users were quick to perform exactly this process as a proof of concept.
The next time the look-alike tries to unlock your phone with Face ID, they will likely be successful. Technically this is not a flaw, and Apple has documented this feature of Face ID, but it certainly weakens Face ID without a clear workaround. An Apple support document discloses that Face ID will "update this data when it detects a close match but a passcode is subsequently entered to unlock the device".
Although in theory Face ID is significantly harder to bypass than Apple's Touch ID fingerprint system on the iPhone 8 and previous models, this seems to be a pretty easy way to fool users into unlocking their new iPhone X. Apple could rectify the issue by releasing a patch that explicitly asks whether to update the facial recognition data.