Biometric Authentication Template

The OS handles this gracefully. When the OS detects that the enrolled biometric no longer matches, the biometric prompt fails. The user falls back to their password or PIN. They may need to re-enroll their biometric through the OS settings first, then re-enroll in your app. Your app should detect when biometric enrollment has changed and prompt for credential verification before re-enabling biometric auth.

Yes, through the WebAuthn API. Modern browsers support platform authenticators (Touch ID on Mac, Windows Hello, phone fingerprint via cross-device authentication). The [passkey template](/templates) covers WebAuthn implementation planning in detail. Web biometric auth is less mature than native mobile but is gaining rapid adoption.

Track three metrics: enrollment rate (users who enable biometrics / eligible users), biometric auth success rate (successful biometric logins / total biometric attempts), and fallback rate (times users fall back to password / total auth attempts). A healthy biometric implementation has 60-80% enrollment, 95%+ success rate, and under 10% fallback rate.

No, and it should never be. Apple Face ID/Touch ID and Android BiometricPrompt process biometric data entirely on-device using a secure enclave or Trusted Execution Environment. Your app receives a cryptographic proof of successful authentication, not the biometric data itself. This is a critical point for privacy policies and compliance documentation. ---