As a user, I want to switch between profiles using biometrics, so that I don't need to re-enter my password each time I log in.
Description
Currently, after a user logs out, they are always redirected to the password input screen, which can be confusing and frustrating for users managing multiple profiles (Figma).
The new solution will always redirect users to the profile selection screen after logout (not the password input screen). When the user then taps a profile, the authentication mechanism previously used for that profile is applied. For example, if Face ID was enabled for a profile, the user would automatically log in using Face ID.
The solution can be considered slightly less secure because, after logout, the biometrics are still valid. One could argue that a user who logs out does so because they want to remove all traces of their login state, but, for the moment, we are going forward with this approach because we want to cause the least amount of friction for users. The problem was also reported by users (Notion).
In a future release we can evolve the solution and provide two different alternatives:
1) Logout from Settings, which will remove all traces of biometrics for a given profile.
2) Switch profile button, which will not clear up biometrics (screenshot and Figma).
Acceptance Criteria
Before starting implementation, initiate the 3 amigos process with a designer and a mobile QA to define the acceptance criteria. Document these criteria in this issue.
Roughly, what we are looking for:
A user should always be able to log in via biometric authentication if the setting was enabled (per profile).
A user is only asked for their password when biometric authentication is disabled (either because it was never enabled or because the user explicitly disabled it in Settings).
Logging out does not clear biometric auth data.