You can unlock your FydeOS device or sign into eligible websites and apps with your fingerprint.

  • Your fingerprint data is stored securely and never leaves your device.
  • Your fingerprint data isn't shared with FydeOS or any apps on your device.
  • Apps are notified only whether your fingerprint was verified.

# Cautions about fingerprints

Fingerprints are an easy way to unlock your device. But a fingerprint may be less secure than a strong password or PIN.

A copy of your fingerprint could be used to unlock your device. You leave fingerprints on many things you touch, including your device.

# Fingerprint data is stored securely

FydeOS has strict guidelines about how fingerprint data can be stored on your device.

Security requirements for fingerprint hardware

Secure location

  • A secure part of the hardware known as a Secure Biometrics Processor (SBP) captures and recognizes your fingerprint.
  • Fingerprint data is secured within sensor hardware or trusted memory so that images of your fingerprint aren't accessible.

Secure storage and removal

  • Only the encrypted form of the fingerprint data is stored on the file system, even if the file system itself is encrypted.
  • Fingerprint data gets removed from the device when a user is removed.
  • Even if the device gets rooted, fingerprint data isn't compromised.

Fingerprint hardware security requirements

  • FydeOS’s guidelines require fingerprint templates to be cryptographically authenticated. Fingerprint templates are processed versions of raw fingerprint images.
  • Fingerprint templates must be signed with a private, device-specific key, like . This key must have the absolute file-system path, group, and finger ID, such that template files won't work on another device or for anyone besides the person who set them up on the same device. For example, it won't work to copy the fingerprint data from a different user on the same device or from another device.
  • A device-specific encryption key, like , is used for fingerprint data so that a raw image or fingerprint template isn't readable by a separate device.
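
The binding of a template to its device, path, group and finger ID can be shown in code. This is an added example, not FydeOS code: it uses HMAC-SHA256 in place of the device-specific signature, leaves out template encryption, and all keys, paths, IDs and function names are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def _field(data):
    # Length-prefix a field so adjacent fields cannot be re-split ambiguously.
    return struct.pack(">I", len(data)) + data


def _tag(device_key, path, group_id, finger_id, template):
    # The tag covers the storage context as well as the template bytes.
    msg = (_field(path.encode()) + struct.pack(">II", group_id, finger_id)
           + _field(template))
    return hmac.new(device_key, msg, hashlib.sha256).digest()


def seal_template(device_key, path, group_id, finger_id, template):
    """Return template || tag for storage at `path` (hypothetical helper)."""
    return template + _tag(device_key, path, group_id, finger_id, template)


def open_template(device_key, path, group_id, finger_id, blob):
    """Return the template, or raise ValueError if the binding does not match."""
    template, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = _tag(device_key, path, group_id, finger_id, template)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("template not valid for this device, path, group or finger")
    return template


# Constructed sample values (not real keys, paths or templates).
KEY_A, KEY_B = bytes(range(32)), bytes(range(1, 33))
PATH_U1, PATH_U2 = "/example/user1/fp/finger_1", "/example/user2/fp/finger_1"
BLOB = seal_template(KEY_A, PATH_U1, 1001, 1, b"constructed-template-bytes")


def accepted(key, path, group_id, finger_id, blob=BLOB):
    try:
        open_template(key, path, group_id, finger_id, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("same device, same user:  ", accepted(KEY_A, PATH_U1, 1001, 1))
    print("copied to another user:  ", accepted(KEY_A, PATH_U2, 1002, 1))
    print("copied to another device:", accepted(KEY_B, PATH_U1, 1001, 1))
```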