Are we talking about defeating facial recognition as tricking a system in to a false positive, a false negative or to DoS it? The IR emitter under the ballcap of course will DoS it, but then again, you are making yourself a much more obvious target by sticking out to even the most novice operator (if it's an automated system, a big glowing dot in place of a face is MUCH easier to flag than a face). If you come back with "but then they won't know who I am", well, come on, use your head. You just made yourself a target and are visible in the "optical" spectrum, they take your picture and use other techniques.
If you are trying to trick a system in to a false positive, then a simple picture has been shown to work for some of the lower end systems (ie those you will find in laptops). Biometrics aren't the panacea to identification/authentication, they are just a lot more convenient and APPEAR to be more effective on the surface for the most part. The makeup attacks I've read about defeat ONE facial detection algorithm.... congrats.
Case in point, security access to some nuclear power plants about 10+ years ago was controlled by a palm scan and an ID badge (just a photo badge, no fancy electronics or watermarks). This was believed to be good enough until someone realized that a cardboard cut out of the person's hand would fool the system. The incredibly forward-looking security folks struck back with an addon that would detect the depth of the hand so a simple piece of cardboard wouldn't work. Hackers responded with a pop sickle stick turned on edge.
Modern bio metrics, in combination with the two other pieces of the authentication triangle (something you know (password), something you have (ID badge, fob, etc), something you are (bio metrics)) can be a very difficult security mechanism to defeat. As with anything, the devil is in the details and how dedicated and well-funded your adversaries are.