[ECUK/EU] First biometric auth after log out/in sees unnecessary soft prompt #86284

@rafecolton

Problem

The first time a user uses MFA after they log out and back in, they see the soft prompt instead of moving right to authentication. The problem was revealed by #86059, though it wasn't caused by it.

Follow-up to #86059

Why is this a problem?

It's not intentional and causes unnecessary friction.

Solution

The onyx key deviceBiometrics stores whether or not the user has seen the soft prompt. We intentionally store it in onyx so that a user who deletes and reinstalls the app on iOS will see the soft prompt. This is necessary because in that situation they will see the system prompt, and we always want them to see the soft prompt first. However, it had the unintended side effect of carrying the behavior over into log out/in. Storing deviceBiometrics in onyx will fix that, so we won't show the soft prompt unnecessarily on log out/in, only if the app is fully deleted or the value manually deleted from onyx in the browser.

In order to prevent this value's storage from affecting other users, we'll have to turn it into a collection and incorporate the accountID, like we do for stored passkeys.
