Understand fingerprint security

You can unlock your Chromebook or sign into eligible websites and apps with your fingerprint.

  • Your fingerprint data is stored securely and never leaves your device. 
  • Your fingerprint data isn't shared with Google or any apps on your device. 
  • Apps are notified only whether your fingerprint was verified.

Cautions about fingerprints

Fingerprints are an easy way to unlock your device. But a fingerprint may be less secure than a strong password or PIN.

A copy of your fingerprint could be used to unlock your device. You leave fingerprints on many things you touch, including your device.

Fingerprint data is stored securely

Google has strict guidelines about how fingerprint data can be stored on your device.

Security requirements for fingerprint hardware

Security requirements for fingerprint hardware

Secure location

  • A secure part of the hardware known as a Secure Biometrics Processor (SBP) captures and recognizes your fingerprint. 
  • Fingerprint data is secured within sensor hardware or trusted memory so that images of your fingerprint aren't accessible.

Secure storage and removal

  • Only the encrypted form of the fingerprint data is stored on the file system, even if the file system itself is encrypted.
  • Fingerprint data gets removed from the device when a user is removed.
  • Even if the device gets rooted, fingerprint data isn't compromised.
 Fingerprint hardware security requirements
  • Google’s guidelines require fingerprint templates to be cryptographically authenticated. Fingerprint templates are processed versions of raw fingerprint images.
  • Fingerprint templates must be signed with a private, device-specific key, like keyed-hash message authentication code (HMAC).This key must have the absolute file-system path, group, and finger ID, such that template files won't work on another device or for anyone besides the person who set them up on the same device. For example, it won't work to copy the fingerprint data from a different user on the same device or from another device.
  • A device-specific encryption key, like Advanced Encryption Standard (AES), used for fingerprint data so that a raw image or fingerprint template isn't readable by a separate device.

Related articles

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
11311059953658208684
true
Search Help Center
true
true
true
true
true
208
false
false