Feature name
- “Simple” 2FA Option for Biometrics on Android
Feature function
Feature adds an additional layer of security on top of the Biometric, so a user cannot be forced to unlock with a fingerprint / face only. Different than rebooting, since a user may not be able to reboot their device in time to clear the master pass.
- Feature Adds: Enhanced Security
Feature Workflow
- Assuming user has Biometric unlocked, for this example, we’ll use Android Fingerprint unlock.
- User has already entered their Master Password to set up the session.
- Currently: The user would unlock with their fingerprint (Biometric) and then be inside the vault.
- Proposed: The app now has an additional set of settings:
  - Setting: Enable PIN prompt on Biometric use
  - Setting: Set your PIN code (4-8 digits)
- Upon using their fingerprint to unlock the vault, the user is prompted for this PIN code. The PIN code is much quicker than a master password and adds that extra layer to the Biometric.
- Entering an incorrect PIN 3 times should do the logoff function.
- Alternatively, an incorrect PIN could open a shadow vault with dummy data; the user would be able to tell (they should be able to recognize their own data), but someone observing the phone would not.
Related topics + references
- Same vein as this topic: 2FA confirmation when unlocking with biometrics … Please merge if you feel there is overlap.
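
The unlock flow proposed above (biometric match, then a 4-8 digit PIN, logoff after 3 wrong entries), as an added example that is not part of the original post or of the app's code. The class and method names, the state names, the PBKDF2 parameters and the choice to keep only a salted hash of the PIN are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_PIN_ATTEMPTS = 3      # from the proposal: 3 wrong PINs -> logoff
PBKDF2_ROUNDS = 200_000   # assumption: illustrative work factor


def _derive(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


class BiometricPinGate:
    """Hypothetical gate placed between biometric success and vault access."""

    def __init__(self, pin: str):
        # Proposal: the PIN is 4-8 digits (ASCII digits only).
        if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 8):
            raise ValueError("PIN must be 4-8 digits")
        self._salt = os.urandom(16)
        self._hash = _derive(pin, self._salt)  # the PIN itself is not kept
        self._failures = 0
        self.state = "LOCKED"  # LOCKED -> PIN_REQUIRED -> UNLOCKED | LOGGED_OFF

    def biometric_ok(self) -> str:
        # A fingerprint/face match alone no longer opens the vault.
        if self.state == "LOCKED":
            self.state = "PIN_REQUIRED"
        return self.state

    def submit_pin(self, attempt: str) -> str:
        if self.state != "PIN_REQUIRED":
            return self.state  # no PIN check without a prior biometric match
        if hmac.compare_digest(_derive(attempt, self._salt), self._hash):
            self._failures = 0
            self.state = "UNLOCKED"
        else:
            self._failures += 1
            if self._failures >= MAX_PIN_ATTEMPTS:
                # Logoff: drop session material; master password needed again.
                self._salt = self._hash = None
                self.state = "LOGGED_OFF"
        return self.state

    def lock(self) -> str:
        if self.state == "UNLOCKED":
            self.state = "LOCKED"
        return self.state
```

A 4-8 digit PIN has only about 10^8 possible values, so the salted hash merely slows offline guessing; the attempt counter and the logoff are what enforce the limit.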