Managing Login Password with Fingerprint


#1

I am trying to implement a solution where instead of entering their password, the user can use their fingerprint/faceID to log in. In order to do this, it would seem that the easiest way would be to store the user’s password on the device and fetch it when there is a successful authentication. However, how secure is this? I can’t imagine storing the password in something like AsyncStorage and only fetching it based on a true/false value would be very secure. How is this typically handled?


#2

Hey @cmeredith! You could call https://docs.expo.io/versions/latest/sdk/fingerprint.html#expofingerprintauthenticateasync and then use https://docs.expo.io/versions/latest/sdk/securestore.html to get/set the value.

iOS/Android don’t give you a way to directly encrypt data using the fingerprint - the fingerprint APIs on both platforms basically give you a boolean for whether the fingerprint matches.


#3

Thank you for your reply! That makes total sense. Being a paranoid developer I wanted to make sure I wasn’t doing something totally horrible, but it sounds like this is the best solution.


closed #4

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.