Common Biometric Authentication Security Mistakes

1.0Ionic Bloghttps://ionic.io/blogMax Lynchhttps://ionic.io/blog/author/maxCommon Biometric Authentication Security Mistakesrich600338<blockquote class="wp-embedded-content" data-secret="EJDc53A6S3"><a href="https://ionic.io/blog/common-biometric-authentication-security-mistakes">Common Biometric Authentication Security Mistakes</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://ionic.io/blog/common-biometric-authentication-security-mistakes/embed#?secret=EJDc53A6S3" width="600" height="338" title="“Common Biometric Authentication Security Mistakes” — Ionic Blog" data-secret="EJDc53A6S3" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://ionic.io/blog/wp-includes/js/wp-embed.min.js /* ]]> */ </script> https://ionic.io/blog/wp-content/uploads/2020/08/ionic-biometric-authentication.png1600880Most apps utilizing authentication need to provide the user with ways to persist user sessions, or store sensitive values such as encryption keys, all while enabling automatic login using biometrics. There is one very common way that developers first try to implement this: show the fingerprint or face id prompt, and once the user passes […]