Biometric protection

On mobile devices with a biometric sensor (Touch ID or Face ID on iOS, or a fingerprint sensor on Android), users can protect their activated authenticator with their fingerprint or their facial image, regardless of whether authenticator PIN protection is enabled or not.

The following platforms are supported for the biometric protection:

• Android devices: 6.0 and later

• Samsung Android devices: 5.0 and later

• iOS devices: 12.0 and later

With biometric protection activated in the device settings and the authenticator application configuration, users could use this security feature also for their Mobile Authenticator Studio application. In this case, biometric protection replaces the original password protection settings configured for the Mobile Authenticator Studio application: authenticators without PIN protection will be protected by the biometric protection. If, however, the authenticator is already protected by a PIN, PIN protection will still be in place, but the PIN will, in turn, be protected biometrically. In this case, it is possible to allow a PIN fallback mechanism. When pressing Fallback, a popup will be displayed to enter the PIN.

If the biometric protection feature is disabled in the device settings, default authenticator password protection takes over. When using PIN-protected authenticators, users will have to type the PIN to generate a response. If the authenticator is not PIN-protected, no user interaction is required for response generation.

If biometric protection is activated in the device settings but the user decides not to use it to protect their authenticator, they can always activate this feature afterwards. This can be done in the Settings menu of the Mobile Authenticator Studio application.