Version: 3.0.x.x RR (iOS)/ 3.0.x.x RR (Android)

Remove Biometric Authenticator on New OS Biometrics

Overview

You can remove the biometric and fingerprint authenticators when biometric credentials are changed in the OS settings. This increases security, because an attacker with access to the device passcode could otherwise add biometric credentials and try to authenticate with your application.

Removing authenticators when biometric credentials change costs end users some convenience. A change to the biometric credentials in the OS does not necessarily imply that the device is under attack, but if the end user adds a biometric credential, a new registration will be required.

If you do not want to allow the device passcode as a fallback for the biometric authenticator, we recommend removing the authenticator when new biometric credentials are added in the OS settings. An attacker with the device passcode can add new biometric credentials. So, if the authenticator is not removed when new biometric credentials are added, access to the device passcode also allows authentication (the attacker just needs to add biometric credentials to do so).

Platform differences between Android and iOS
  • Android: Biometric Authenticators are only removed if new OS biometrics are added.
  • iOS: Biometric Authenticators are removed if new OS biometrics are added or existing ones removed.
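
The sketch below is an added example, not Nevis code and not a statement of how the Access App implements this feature. It shows how an Android app can get the same behaviour from the platform key store: the authenticator's signing key is bound to the biometric enrollment, and the app removes the key once the OS reports it as permanently invalidated. The alias and the function names are hypothetical.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.Signature
import java.security.spec.ECGenParameterSpec

// Hypothetical alias: one key per registered biometric authenticator.
const val ALIAS = "example.biometric.authenticator"

// Registration: create a signing key that can only be used after biometric
// authentication and that the OS invalidates when new biometrics are enrolled.
fun registerBiometricAuthenticator() {
    val spec = KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setUserAuthenticationRequired(true)
        // Made explicit here (API 24+); passing false would keep the key
        // usable after a new enrollment, which is the risk described above.
        .setInvalidatedByBiometricEnrollment(true)
        .build()
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        .apply { initialize(spec) }
        .generateKeyPair()
}

// Authentication: returns a Signature to wrap in a BiometricPrompt.CryptoObject,
// or null when no usable key exists and a new registration is required.
fun signatureForAuthenticationOrNull(): Signature? {
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val key = keyStore.getKey(ALIAS, null) as? PrivateKey ?: return null
    return try {
        Signature.getInstance("SHA256withECDSA").apply { initSign(key) }
    } catch (e: KeyPermanentlyInvalidatedException) {
        // The OS biometric enrollment changed after registration:
        // remove the local authenticator key so it can never be used again.
        keyStore.deleteEntry(ALIAS)
        null
    }
}
```

In a real deployment the app would also ask the server to delete the matching registration; that step is an assumption and is not shown here.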

Availability

  • New registrations only
  • Nevis Access App version >= 2.7.0
    • for all biometric authentication methods (Face ID, Touch ID, Fingerprint)
  • Android
    • all supported OS versions
  • iOS
    • all supported OS versions

Disclaimers

To be able to use this feature, existing registrations have to be deleted and replaced with new ones created using Access App version 2.7.0 or higher.