iOS Question IOS Authentication Method Question(?)

[mollensoft]

All, I have a question about Authentication on IOS and What Are The Recommended Paths Forward?

Is everyone's APP relying on Touch ID/Face ID? Offering a Secondary/Backup? Offering Some Combination of the two? Doing something Totally Different?

I would like to understand what is the recommended methodology for IOS Authentication - below are the options I can think of, please recommend others:

1. Rely on IOS Touch ID/Face ID for the App

2. Prioritize IOS Touch ID/Face ID but offer a back up using 6 digit Integer passcode

3. Only use a 6 digit Integer Passcode

4. [Something Else?]

Thank you For your recommendations/insights

-Alan

 

[Erel]

Why is authentication needed? How are you verifying the user with your server?

 

[mollensoft]

Hi Erel, for the simple App I'm making there is no Server needed, all the data is kept in a SQLite DB on the device.

So I'm trying to determine how to secure the data in the App - I think using Touch ID/Face ID to authenticate the user each time they use the app is good but should I force the user to use app authentication to access the application? The App's data is not really that sensitive but building in security seems like the best thing for all apps.

When I look at what other apps are doing, some have zero access authentication, some force the use of Face ID, some use Face ID with an alternative numeric Pin. IOS security is pretty good to protect the data on the device so I think using Face ID/Touch ID is sufficient.

Also, I want to understand best practices and trends from other dev's - thank you

-Alan

 

[Semen Matusovskiy]

Typically zero authentication is the best solution. Personally I (and I think most of us) press lock button automatically. To unlock Face ID / Touch ID / PIN is required. So, I don't see reason in additional annoying check.

Of course, there are bank's applications and similar, where security is too important. If to select beetween methods, I prefer password (PIN).
IMO, 'secret' apps should automatically log off, if user does not work with app, for example, 1-2 minutes.

 

[Erel]

I agree with @Semen Matusovskiy. Unless you are creating an app with special security requirements then there is no reason to add another face id / touch id check.

Anyway, the relevant code is here: https://www.b4x.com/android/forum/threads/ios-touchid.55018/#content

 

[mollensoft]

Thank you Erel and @Semen Matusovskiy, I greatly appreciate you sharing your thoughts and expertise - I will add Touch/Face ID as an Option in the Setting Screen so the user can turn it on if desired.

-Alan