PIN or Biometrics for Mobile Key only

Biometrics provide a convenient and diverse layer of security preventing unauthorized use of the mobile key. A sensor checks the user’s thumbprint or face to verify the user’s identity before unlocking the app.

We choose not to use biometric locks for every key in the Keymaster system, for several reasons. First, biometric support is not widely used and available for hardware wallets. Secondly, using biometric locks for all of the keys incentivizes kidnapping, since a person’s face or thumbprint can be used to forcibly activate the devices. Finally, the collection of biometric data by a third party could be used against a client.

Many clients already use fingerprint or face-scan technology on their mobile phones. Both iOS and Android store this data locally and not in a remote database. We make usage of this technology because it is already available, but we strongly recommend against using biometrics by default without an analysis of the biometric system’s security and privacy. Finally, always make sure any biometrics you use do not use a 3rd party system. We’ve heard reports of cryptocurrency apps that use 3rd-party face scan systems (instead of Apple iOS or Android directly on device). This is a security nightmare. If Apple, Samsung and other phone manufacturers refuse to store customer face scan data in centralized databases, you can be sure that you should never trust another 3rd party company with this data.