Question

Native Apps – Biometric Authentication

0

Hi All, We have a Native Mobile project running and I’m looking to improve the authentication experience for the user – using the Biometric activities would be a great experience, rather than a username and password. How have others implemented this? The username and password can be cached in local device storage to then pass to the Sign in Activities if Biometric Auth succeeds, I have this working but this feels like a security risk.. Does anyone have a workflow that they have used? Thanks!

asked 2020-02-17

Ian Huddart

1 answers

Nick Sanjines · Answer 1 · 2020-04-14

I’ve implemented this in my projects the same way you have described.

Security-wise, this is written to an app-specific folder that is private to the app. As long as the users are applying best practice (authentication to unlock device, not rooted/jailbroken), this should suffice.

However, if you are in a very security-conscious industry, you may consider encrypting the username and password strings before storing, and then decrypting after retrieve using a JS library, or you could even implement a react native secure key store. Usually, in that type of industry, even more is needed such as root detection/binary tampering, etc. which would involve a few other libraries as well.