Android: Simple 2FA Option (PIN) for unlocking with Biometrics on Mobile

Feature name

  • “Simple” 2FA Option for Biometrics on Android

Feature function

The feature adds an additional layer of security on top of the biometric, so a user cannot be forced to unlock with a fingerprint or face alone. This differs from rebooting, since a user may not be able to reboot their device in time to clear the master password.

  • Feature Adds: Enhanced Security

Feature Workflow

  • Assuming the user has biometric unlock enabled; for this example, we’ll use Android fingerprint unlock.

  • User has already entered their Master Password to setup the session.

  • Currently: The user would unlock with their fingerprint (Biometric) and then be inside the vault.

  • Proposed: The app now has an additional set of settings:

    • Setting: Enable PIN prompt on Biometric use

    • Setting: Set your PIN code (4-8 digits)

    • Upon using their fingerprint to unlock the vault, the user is prompted for this PIN code. The PIN code is much quicker than a master password and adds that extra layer to the biometric.

    • Entering an incorrect PIN 3 times should trigger the logoff function.

    • Alternatively, an incorrect PIN could open a shadow vault with dummy data. The user would be able to tell (they should recognize their own data), but someone observing the phone would not.
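As an added illustration that is not part of the original request, the following Python model of the proposed flow shows the PIN check running only after a successful biometric result, with both failure behaviours described above (logoff after three wrong PINs, or the shadow vault). The class name `PinGate`, the hashing parameters and the sample vault contents are assumptions for the model, not details of any app's implementation.

```python
import hashlib
import hmac
import os
from typing import Optional

MAX_FAILED_ATTEMPTS = 3          # "incorrect PIN 3 times should trigger the logoff function"
REAL_VAULT = {"items": ["example.com login"]}      # constructed sample vault data
SHADOW_VAULT = {"items": ["placeholder login"]}    # constructed dummy data for the shadow vault


def hash_pin(pin: str, salt: bytes) -> bytes:
    # Stretching keeps a 4-8 digit PIN from being trivially tried offline if the
    # stored hash leaks; the iteration count here is an assumption, not a spec value.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class PinGate:
    """Models the proposed PIN step that runs after a successful biometric unlock.

    on_failure="logoff": three wrong PINs lock the session (caller clears the master password).
    on_failure="shadow": a wrong PIN opens the dummy vault instead of revealing that it was wrong.
    """

    def __init__(self, pin: str, on_failure: str = "logoff") -> None:
        if not (pin.isdigit() and 4 <= len(pin) <= 8):
            raise ValueError("PIN must be 4-8 digits")
        if on_failure not in ("logoff", "shadow"):
            raise ValueError("on_failure must be 'logoff' or 'shadow'")
        self.salt = os.urandom(16)
        self.pin_hash = hash_pin(pin, self.salt)   # never keep the PIN itself
        self.on_failure = on_failure
        self.failed_attempts = 0
        self.logged_off = False

    def unlock(self, biometric_ok: bool, pin: str) -> Optional[dict]:
        """Return the vault to display, or None when access is denied."""
        if self.logged_off or not biometric_ok:
            return None                      # PIN is an extra factor, never a replacement
        if hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash):
            self.failed_attempts = 0
            return REAL_VAULT
        if self.on_failure == "shadow":
            return SHADOW_VAULT              # observer sees a vault; the owner recognises it is not theirs
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.logged_off = True           # session cleared; master password required again
        return None
```

Note that in this model the PIN only gates access to an already-unlocked session; it does not by itself encrypt the vault, so the logoff path must actually clear the session key for the lockout to mean anything.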

Related topics + references

This would be extremely appreciated. I currently do not have biometric enabled on my device because it softens security overall - I would like password OR biometric+pin with the default to logged out (device restart, x hours) being password and prompt on password being biometric+pin.