[Feature] Encrypt device biometrics for authenticating Saved Logins #20096
Comments
It's not possible for any app to actually read directly from the fingerprinter reader, nor should we do this if it was possible. There is nothing more secure that we can do with that data than the OS can.
Also mentioned in the Reddit thread, If someone knows your PIN, all bets are off. You should immediately change your PIN if that is the case. If you have a shared device, consider using multiple profiles for each user. I'm going to close this as WONTFIX. We can re-open it if I've misunderstood the intention. |
But doesn't that make Masterpassword for Desktop computer pointless? Because, "If someone knows your PIN of computer, all bets are off. You should immediately change your PIN if that is the case." Or should we bring back the Masterpassword to Firefox mobile? Because it is one of the safest way to Firefox could protect its own product (Lockwise). |
To a degree, yes, this is true. I am not a member of the security team on desktop but that is my understanding at least. For Android, you are not limited to only a four-digit pin. Android devices 5.0+ should all have options for a PIN, Password, or Pattern: https://support.google.com/android/answer/9079129?hl=en |
@jonalmeida I think people should know:
What Firefox is doing for its own Lockwise security? I'm not saying, don't depend/trust on Android security. |
Why I'm asking for this? Let's give a real-life scenario where using device fingerprint is really bad:
People can add fingerprints if they know the user's device pin, which is not a good thing.
I think it would be great if Firefox keeps fingerprint within itself, especially when doesn't have the option of master password for mobile anymore. Like how some banking application keep user fingerprint to themself for next login after when the device is registered.
A discussion made here in reddit about this issue.
┆Issue is synchronized with this Jira Task
The text was updated successfully, but these errors were encountered: