As the title suggests, I'm making an app that allows the user to login using fingerprint authentication. The problem I'm having is where to store the credentials they submit?
The flow would be -> User logs in first time with credentials -> enable fingerprint auth and store these credentials -> Validate fingerprint then access stored credentials.
I thought of using SharedPreferences, but if the device is rooted these are easily accessible.
So where is the safest and most secure place to store these credentials to avoid them being accessed outside of the app?
EDIT:
I'm using this wrapper to handle the fingerprint authentication
https://android-arsenal.com/details/1/4493
Where possible, username and password should not be stored on the device. Instead, perform initial authentication using the username and password supplied by the user, and then use a short-lived, service-specific authorization token. Using the AccountManager is the best option for storing credentials.
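As an added example (not code from the answer above, the question, or any library they mention), here is the token-instead-of-password flow that answer describes, using AccountManager in Java. It assumes a custom account type com.example.app backed by an AbstractAccountAuthenticator service declared in the manifest (addAccountExplicitly only works for a type your own authenticator owns), and a hypothetical AuthApi interface standing in for the server call that exchanges the password for a token.

```java
// Added example: keep only a short-lived server token in AccountManager, never the password.
// ACCOUNT_TYPE and TOKEN_TYPE are assumptions; AuthApi is a hypothetical server client.
import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.Context;
import java.io.IOException;
import java.util.Arrays;

public final class TokenStore {
    static final String ACCOUNT_TYPE = "com.example.app";          // assumption: owned by our authenticator
    static final String TOKEN_TYPE   = "com.example.app.session";  // assumption: server session token

    /** Hypothetical server call: password in, short-lived token out. */
    public interface AuthApi {
        String login(String username, char[] password) throws IOException;
    }

    private final AccountManager am;
    private final AuthApi api;

    public TokenStore(Context ctx, AuthApi api) {
        this.am = AccountManager.get(ctx);
        this.api = api;
    }

    /** First login: exchange the password for a token, then wipe the password from memory. */
    public Account login(String username, char[] password) throws IOException {
        String token;
        try {
            token = api.login(username, password);
        } finally {
            Arrays.fill(password, '\0');   // the password is never written anywhere
        }
        Account account = new Account(username, ACCOUNT_TYPE);
        am.addAccountExplicitly(account, null /* no password stored */, null); // false if it already exists
        am.setAuthToken(account, TOKEN_TYPE, token);
        return account;
    }

    /** Later sessions (after the fingerprint check in the UI): null means the user must log in again. */
    public String cachedToken() {
        Account[] accounts = am.getAccountsByType(ACCOUNT_TYPE);
        if (accounts.length == 0) return null;
        return am.peekAuthToken(accounts[0], TOKEN_TYPE);
    }

    /** On an HTTP 401 from the server: drop the cached token so the next call re-authenticates. */
    public void invalidate(String token) {
        am.invalidateAuthToken(ACCOUNT_TYPE, token);
    }

    /** Logout or "forget me": remove the account and with it every cached token. */
    public void forget(Account account) {
        am.removeAccountExplicitly(account);   // API 22+
    }
}
```

Note that AccountManager does not encrypt the token cache; on a rooted device it is readable like anything else in app-private storage. The protection in this design is that what leaks is a short-lived, revocable token rather than the password, so the fingerprint prompt gates the UI and the token's lifetime and server-side revocation limit the damage.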
Biometric login provides a convenient method for authorizing access to private content within your app. Instead of having to remember an account username and password every time they open your app, users can just use their biometric credentials to confirm their presence and authorize access to the private content.
I use this library: https://github.com/JesusM/FingerprintManager. What I do is, after the user signs in, I take the user name and password and combine them into one string, username:password. Then I encrypt this using the library. The next time the user signs in to the app, I decrypt it using this library.
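An added example of the same encrypt-at-sign-in, decrypt-after-fingerprint pattern described in the answer above; this is not the answer's code and not the FingerprintManager library it uses. It swaps in the platform pieces directly: an AES-GCM key generated inside the Android Keystore with setUserAuthenticationRequired(true), so the OS refuses to use the key until a BiometricPrompt succeeds, and the androidx BiometricPrompt CryptoObject API that binds the Cipher to that prompt. The key alias, the SharedPreferences keys and the OnSecret callback interface are assumptions.

```java
// Added example (not the answer's or the library's code). Keystore-bound AES-GCM with a
// biometric-gated key: the ciphertext sitting in SharedPreferences is useless without the
// key, and the key cannot be used without the fingerprint. ALIAS/PREF_* are assumptions.
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import android.util.Base64;
import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.fragment.app.FragmentActivity;
import java.security.KeyStore;
import java.util.concurrent.Executor;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public final class BiometricSecretStore {
    static final String ALIAS = "login_secret_key";                    // assumption
    static final String PREF_CT = "secret_ct", PREF_IV = "secret_iv";  // assumption

    public interface OnSecret { void ready(byte[] secret); void failed(); }

    private final SharedPreferences prefs;

    public BiometricSecretStore(SharedPreferences prefs) { this.prefs = prefs; }

    /** Generated once; never leaves the Keystore; every use needs a fresh biometric. */
    static SecretKey getOrCreateKey() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        if (ks.containsAlias(ALIAS)) return (SecretKey) ks.getKey(ALIAS, null);
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256)
            .setUserAuthenticationRequired(true)        // unusable until the user authenticates
            .setInvalidatedByBiometricEnrollment(true)  // enrolling a new finger kills the key
            .build());
        return kg.generateKey();
    }

    /** After the password login: encrypt under a fingerprint prompt, store ciphertext + IV. */
    public void save(FragmentActivity activity, Executor executor, byte[] secret, OnSecret cb)
            throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, getOrCreateKey());   // Keystore picks a random IV per call
        prompt(activity, executor, c, new BiometricPrompt.AuthenticationCallback() {
            @Override public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult r) {
                try {
                    Cipher unlocked = r.getCryptoObject().getCipher();
                    byte[] ct = unlocked.doFinal(secret);
                    prefs.edit()
                        .putString(PREF_CT, Base64.encodeToString(ct, Base64.NO_WRAP))
                        .putString(PREF_IV, Base64.encodeToString(unlocked.getIV(), Base64.NO_WRAP))
                        .apply();
                    cb.ready(secret);
                } catch (Exception e) { cb.failed(); }
            }
            @Override public void onAuthenticationError(int code, CharSequence msg) { cb.failed(); }
        });
    }

    /** Next sign-in: decrypt only after the fingerprint; the GCM tag catches altered storage. */
    public void load(FragmentActivity activity, Executor executor, OnSecret cb) throws Exception {
        String ct = prefs.getString(PREF_CT, null), iv = prefs.getString(PREF_IV, null);
        if (ct == null || iv == null) { cb.failed(); return; }
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        try {
            c.init(Cipher.DECRYPT_MODE, getOrCreateKey(),
                   new GCMParameterSpec(128, Base64.decode(iv, Base64.NO_WRAP)));
        } catch (KeyPermanentlyInvalidatedException e) {
            // Biometrics changed since the key was made: wipe everything, fall back to password.
            KeyStore ks = KeyStore.getInstance("AndroidKeyStore"); ks.load(null); ks.deleteEntry(ALIAS);
            prefs.edit().remove(PREF_CT).remove(PREF_IV).apply();
            cb.failed(); return;
        }
        prompt(activity, executor, c, new BiometricPrompt.AuthenticationCallback() {
            @Override public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult r) {
                try { cb.ready(r.getCryptoObject().getCipher().doFinal(Base64.decode(ct, Base64.NO_WRAP))); }
                catch (Exception e) { cb.failed(); }   // AEADBadTagException: ciphertext was modified
            }
            @Override public void onAuthenticationError(int code, CharSequence msg) { cb.failed(); }
        });
    }

    private static void prompt(FragmentActivity a, Executor ex, Cipher c,
                               BiometricPrompt.AuthenticationCallback cb) {
        BiometricPrompt.PromptInfo info = new BiometricPrompt.PromptInfo.Builder()
            .setTitle("Unlock saved login")
            .setNegativeButtonText("Use password")
            .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
            .build();
        new BiometricPrompt(a, ex, cb).authenticate(info, new BiometricPrompt.CryptoObject(c));
    }
}
```

Two points worth checking in a review of this pattern. First, CryptoObject only works with BIOMETRIC_STRONG (class 3) sensors, which is why the PromptInfo requests that class; a weak sensor cannot unlock a Keystore key. Second, whatever the blob contains is what a successful fingerprint spoof or a compromised device hands over, so it is better to encrypt a revocable refresh token here than a username:password string, so the password itself never sits on the device.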