Biometrics and security keys make Auth Armor more secure and easier to use. Your mobile device contains biometric sensors, such as Face ID, Touch ID, and other fingerprint sensors. These components work with the secure chips in your device and generate encryption keys that can be used to securely prove identity.
Biometric data is never sent from mobile devices. Auth Armor uses built-in functions and never even sees biometric data. The mobile device itself validates the information internally, then returns encrypted data that can be cryptographically proven.
Security keys contain secure chips and generate the same kind of encryption keys that mobile devices can. Security keys are a great addition to account security. Auth Armor recommends that you use security keys as an account recovery option.
Each Auth Request will return cryptographic information that will prove the authenticity of the message. The public key of the device that signed the message, as well as the message contents, the message hash and cryptographic information used to validate the signature are all included in the response.
Unlike many auth services, Auth Armor does not simply return a basic "true" or "false" that you should blindly trust. Auth Armor does return a true/false Boolean, but it also returns everything else needed to back up that true/false flag.
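One way a relying party could check such a response instead of trusting the Boolean, as an added example that is not Auth Armor's own code. The field names, ECDSA P-256 with SHA-256, the JSON message layout and the `requestId` binding are assumptions made for illustration, not Auth Armor's documented format.

```javascript
// Added example. Assumed, not Auth Armor's documented format: the field names,
// ECDSA P-256 with SHA-256, and a JSON message carrying requestId and approved.
const crypto = require('node:crypto');

const spkiDer = (pem) => crypto.createPublicKey(pem).export({ type: 'spki', format: 'der' });

// enrolledKeyPem: device public key stored at enrollment (hypothetical storage).
// expectedRequestId: id of the auth request this session actually started.
function verifyAuthResponse(resp, enrolledKeyPem, expectedRequestId) {
  // 1. The signing key must be the one enrolled, not merely the one presented.
  if (!spkiDer(resp.publicKey).equals(spkiDer(enrolledKeyPem))) return 'unknown_key';
  // 2. Recompute the message hash rather than trusting the returned value.
  const msg = Buffer.from(resp.message, 'utf8');
  const digest = crypto.createHash('sha256').update(msg).digest();
  const claimed = Buffer.from(resp.messageHash, 'hex');
  if (claimed.length !== digest.length || !crypto.timingSafeEqual(claimed, digest)) return 'hash_mismatch';
  // 3. Check the signature over the message with the enrolled key.
  const sig = Buffer.from(resp.signature, 'base64');
  if (!crypto.verify('sha256', msg, enrolledKeyPem, sig)) return 'bad_signature';
  // 4. Read the decision from the signed message only, and bind it to our request.
  const body = JSON.parse(resp.message);
  if (body.requestId !== expectedRequestId) return 'wrong_request';
  if (body.approved !== true || resp.authorized !== true) return 'not_approved';
  return 'ok';
}

// Constructed sample: a throwaway key pair stands in for the device's secure chip.
function makeSample(requestId, approved) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const message = JSON.stringify({ requestId, approved });
  const resp = {
    authorized: approved,
    publicKey,
    message,
    messageHash: crypto.createHash('sha256').update(message, 'utf8').digest('hex'),
    signature: crypto.sign('sha256', Buffer.from(message, 'utf8'), privateKey).toString('base64'),
  };
  return { resp, enrolledKeyPem: publicKey };
}

const { resp, enrolledKeyPem } = makeSample('req-123', true);
console.log(verifyAuthResponse(resp, enrolledKeyPem, 'req-123')); // prints "ok"
```

The order of the checks matters: the approval flag is read only after the key, hash and signature have all been verified, so a flipped Boolean alone never reaches the decision.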
If a mobile device does not support biometrics, Auth Armor will fall back to PIN support on Android devices. On iOS devices, Auth Armor will use the built-in PIN function from iOS. A PIN is not as secure as biometrics or security keys, but it is the only fallback method that can be supported if a device does not have biometrics.
If you do not wish to accept a PIN from Android, you can set the flag in the API to force biometrics or only accept security keys. For iOS, a PIN can always be accepted, as Auth Armor cannot block iOS PIN entry.