Version: 2.8.x.x RR

Remove Biometric Authenticator on New OS Biometrics

Overview

You can remove the biometric and fingerprint authenticators when the user adds new biometric credentials in the OS settings. This increases security, because an attacker with access to the device passcode could otherwise add biometric credentials and try to authenticate with your application.

Removing authenticators when biometric credentials change reduces convenience for end users. Adding a new OS biometric credential does not necessarily imply that the device is under attack, but if the end user adds one, a new registration will be required.

If you do not want to allow the device passcode as a fallback for the biometric authenticator, we recommend removing the authenticator when new biometric credentials are added in the OS settings. An attacker with the device passcode can add new biometric credentials. If the authenticator is not removed when that happens, access to the device passcode is also enough to authenticate: the attacker only needs to add their own biometric credentials first.
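For background, the Android platform offers the same protection to any app through the Keystore. The following is an added example, not Nevis code, and this page does not state how the Access App implements the feature. The key alias is hypothetical and iOS is not covered.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.Signature
import java.security.spec.ECGenParameterSpec

// Hypothetical alias for this example; not a name used by the Nevis Access App.
private const val KEY_ALIAS = "example_biometric_authenticator_key"

/** Creates a signing key that can only be used after user authentication. */
fun createBiometricBoundKey() {
    val spec = KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_SIGN)
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setUserAuthenticationRequired(true)
        // The key becomes permanently unusable once a new biometric
        // credential is enrolled in the OS settings (API level 24+).
        .setInvalidatedByBiometricEnrollment(true)
        .build()
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        .apply { initialize(spec) }
        .generateKeyPair()
}

/**
 * Returns a Signature ready to be wrapped in a BiometricPrompt.CryptoObject,
 * or null when the key is missing or has been invalidated. On null the caller
 * has to treat the authenticator as removed and start a new registration.
 */
fun prepareSignatureOrNull(): Signature? {
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val key = keyStore.getKey(KEY_ALIAS, null) as? PrivateKey ?: return null
    return try {
        Signature.getInstance("SHA256withECDSA").apply { initSign(key) }
    } catch (e: KeyPermanentlyInvalidatedException) {
        // Enrollment changed since key creation: delete the local credential
        // so that it cannot be retried; the user must register again.
        keyStore.deleteEntry(KEY_ALIAS)
        null
    }
}
```

Because the invalidation is enforced by the Keystore rather than by app logic, a biometric credential added later cannot unlock a key created before it was enrolled.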

Availability

  • New registrations only
  • Nevis Access App version >= 2.7.0
    • for all biometric authentication methods (Face ID, Touch ID, Fingerprint)
  • Android
    • all supported OS versions
  • iOS
    • all supported OS versions

Disclaimers

To be able to use this feature, existing registrations have to be deleted and replaced with new ones created using Access App version 2.7.0 or higher.