ACINQ / phoenix

Phoenix is a self-custodial Bitcoin wallet using Lightning to send/receive payments.
https://phoenix.acinq.co
Apache License 2.0

Improve Screen Lock protection #441

Open dpad85 opened 9 months ago

dpad85 commented 9 months ago

Phoenix should provide more options for app access control, each with their own trade-offs:

1) biometrics authentication: the recommended option. It enables fine-grained control on a device that is shared between several users (e.g. a family), reasonably secure, but less private and prone to hardware malfunction
2) the device's PIN/password: no fine control and probably less secure, but it's robust
3) a custom password: private & secure, but users can lock themselves out. This can also cause confusion with bip39 passphrases, or with the wallet's recovery phrase.

Currently, 1) is supported on Android and iOS. 2) is supported on Android as a fallback. 3) is not supported.

Enabling these options

The app access screen should let the user select one or several of the 3 options above. 1) should be prominent, 2) and 3) should be advanced settings.

In all cases, the seed should be backed up before enabling any of these options. Or at least show a visible warning.

Authenticating

When authenticating, if the user picked several authentication methods, he will first select one, then can authenticate.

Fallback

As a last resort, the user should be able to enter the recovery phrase to open the app. See #339.

robbiehanson commented 9 months ago

> In all cases, the seed should be backed up before enabling any of these options. Or at least show a visible warning.

This is "low hanging fruit" and would go a long ways in helping the user. We have had several reports from users who have broken their hardware, and Face ID no longer works. They contact us because they enabled Face ID in Phoenix, and now they're locked out of the app.

These users can be put into 2 groups:

A) those who have a backup of their recovery phrase
B) those who don't

For (A) it's not a problem, as they can simply re-install the app. For (B) it's not so good...