Open clauxx opened 3 months ago
@clauxx could you please elaborate, i see the password in figma
@flexsurfer we adapted the designs to include the password cause it was easier/quicker at the time, but originally it wasn't there. It was needed because the password was necessary for enabling the biometrics and we didn't want to make all users store it in the keychain, hence we're prompting the user every time. Here we should find a way to do it without (i guess storing the hashed password in the keychain when the user adds the password during onboarding)
CC @cammellos
thank you, then we should descope it from release I guess
This is not exactly a very frequent action; usually biometric is enabled in onboarding so I would keep password for enabling onboarding from settings for security reasons
@churik should we remove this from 2.29?
removing from milestone
Bug Report
Problem
Follow up to https://github.com/status-im/status-mobile/pull/18258
Currently, when enabling biometrics from the password settings, the user is prompted to enter their password, which is different from the figma user flows.
This is necessary due to us using having to store the password in the keychain so that during the log-in flow, the successful biometrics check would log the user in with the keychain password. One way to avoid that is to always store the password during onboarding, not only if the user enables biometrics, and never delete the password from the keychain (currently we delete it when disabling biometrics and when logging out).
This could have security implications, so it should be discussed with the design team and the CCs (in the discord
#biometrics
channel).Expected behavior
The password is not prompted when the user enables biometrics in the password settings
Actual behavior
The password is prompted when the user enables biometrics in the password settings