Biometric Prompt Design
Biometric prompt design addresses how applications integrate Face ID, Touch ID, and Android biometric authentication. These platform-provided authentication mechanisms have standardized prompts that applications cannot fully customize. Design systems must specify how to trigger biometric authentication, what messaging to provide, and how to handle fallback scenarios.
What Is Biometric Prompt Design
Biometric prompts are system-provided UI for fingerprint, face, or other biometric authentication. Applications trigger these prompts for secure operations like login, payment authorization, or sensitive data access. The actual biometric collection and verification happens through platform security frameworks.
iOS provides Face ID and Touch ID through the LocalAuthentication framework. The system handles biometric UI; applications provide reason strings explaining why authentication is requested.
Android provides the BiometricPrompt API, which abstracts fingerprint and face recognition into a unified interface. Applications configure prompts with titles, subtitles, and negative button text.
How Biometric Prompts Work
iOS biometric authentication presents system UI with an application-provided reason string. The reason string should clearly explain why biometric authentication is being requested.
Biometric Prompt Implementation:
iOS (LocalAuthentication):
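    import LocalAuthentication

    let context = LAContext()
    context.evaluatePolicy(
        .deviceOwnerAuthenticationWithBiometrics,
        localizedReason: "Authenticate to access your account"
    ) { success, error in
        // The reply runs off the main queue: dispatch to main before updating UI.
        // On failure, inspect `error` (an LAError) to choose retry or fallback.
    }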
- Reason string: Only customizable element
- System handles Face ID / Touch ID UI
- Fallback to passcode available
- Error handling for failures
Android (BiometricPrompt):
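    // biometricPrompt is a BiometricPrompt already constructed with the host
    // activity or fragment, an Executor, and an AuthenticationCallback.
    BiometricPrompt.PromptInfo promptInfo = new BiometricPrompt.PromptInfo.Builder()
        .setTitle("Biometric login")
        .setSubtitle("Log in using your biometric credential")
        .setNegativeButtonText("Use password instead")
        .build();
    biometricPrompt.authenticate(promptInfo);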
- Title: Primary prompt text
- Subtitle: Secondary explanation
- Negative button: Fallback action text
- Device credential fallback available
Design Considerations:
- Clear reason/title explaining authentication purpose
- Appropriate fallback for devices without biometrics
- Error handling for failed authentication
- Enrollment check before attempting biometric
Trigger context determines when biometric prompts appear. Login flows, payment confirmation, and accessing sensitive data are common triggers. Unnecessary biometric requests frustrate users.
Fallback authentication provides alternatives when biometrics fail or are unavailable. Password/PIN entry, device passcode, or delayed retry options maintain access when biometric authentication does not succeed.
Enrollment checking verifies biometric availability before attempting authentication. Applications should check whether biometrics are enrolled and available, providing appropriate alternatives if not.
Key Considerations
- System UI cannot be fully customized
- Reason strings should clearly explain purpose
- Fallback authentication must be available
- Check biometric enrollment before attempting
- Handle all failure scenarios gracefully
- Platform differences in customization options
Common Questions
What text should biometric prompts display?
Purpose-specific reason strings explain why authentication is needed. “Verify your identity to view account balance” is better than “Authenticate.”
Consistent tone across the application maintains voice. All biometric prompts should sound like they come from the same product.
Brief, clear language respects user attention. Users should understand instantly why they are authenticating.
Avoid technical jargon. Users may not know “biometric authentication” but understand “use Face ID” or “use fingerprint.”
How should applications handle biometric failure?
Offer password/PIN fallback immediately. Users should not be locked out by biometric failure. Alternative authentication must be available.
Explain failure appropriately. “Face ID did not recognize you. Try again or use password.” provides clear guidance.
Limit retry attempts reasonably. After several failures, require password entry to prevent frustration and potential security issues.
Handle specific error cases. Biometric not enrolled, biometric changed, and biometric locked out require different handling and messaging.
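The enrollment check and the per-error handling described above, sketched for iOS as an added example (not code from the original page). `BiometricOutcome`, `outcome(for:)`, `authenticate(reason:savedState:completion:)` and the message strings other than the Face ID one quoted above are hypothetical names and values chosen for illustration; `savedState` is assumed to be the domain state the app stored after the last password login.

```swift
import LocalAuthentication
// Hypothetical app-level outcomes; these names are not part of LocalAuthentication.
enum BiometricOutcome {
    case authenticated
    case retry(message: String)        // show the message and let the user try again
    case usePassword(message: String)  // route to the app's own password/PIN screen
    case cancelled                     // user or system dismissed the prompt
}

// Map an LAError to retry, password fallback, or cancel.
func outcome(for error: Error?) -> BiometricOutcome {
    guard let code = (error as? LAError)?.code else {
        return .usePassword(message: "Sign in with your password.")
    }
    switch code {
    case .authenticationFailed:
        return .retry(message: "Face ID did not recognize you. Try again or use password.")
    case .biometryLockout:             // too many failed attempts
        return .usePassword(message: "Too many attempts. Enter your password.")
    case .biometryNotEnrolled, .biometryNotAvailable, .passcodeNotSet:
        return .usePassword(message: "Sign in with your password.")
    case .userFallback:                // user tapped the fallback button
        return .usePassword(message: "Enter your password.")
    case .userCancel, .systemCancel, .appCancel:
        return .cancelled
    default:
        return .usePassword(message: "Sign in with your password.")
    }
}

// savedState: evaluatedPolicyDomainState stored after the last password login (assumption).
func authenticate(reason: String, savedState: Data?,
                  completion: @escaping (BiometricOutcome) -> Void) {
    let context = LAContext()
    var checkError: NSError?
    // Enrollment/availability check before any prompt is shown.
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &checkError) else {
        return completion(outcome(for: checkError))
    }
    // The domain state changes when fingerprints or faces are added or removed.
    if let saved = savedState, saved != context.evaluatedPolicyDomainState {
        return completion(.usePassword(message: "Your biometrics changed. Enter your password."))
    }
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: reason) { success, error in
        let result = success ? BiometricOutcome.authenticated : outcome(for: error)
        DispatchQueue.main.async { completion(result) }  // reply arrives off the main queue
    }
}
```

Recent Apple SDKs deprecate `evaluatedPolicyDomainState` in favor of `domainState`; the comparison logic stays the same.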
How do design systems specify biometric integration?
Trigger guidelines indicate when biometric authentication is appropriate. Login, payment, and sensitive data access warrant biometric authentication; routine actions do not.
Messaging templates provide consistent reason strings. Templates ensure appropriate tone and clarity across all biometric prompts.
Fallback flow specifications describe authentication alternatives. Design systems should show complete flows including biometric failure scenarios.
Testing requirements ensure all scenarios are covered. Biometric success, failure, not enrolled, and device without biometric hardware all need testing.
Summary
Biometric prompt design integrates Face ID, Touch ID, and Android biometric authentication through platform-provided UI with application-specified messaging. Clear reason strings explain authentication purpose. Fallback authentication provides alternatives when biometrics fail. Design systems should specify when to trigger biometric prompts, what messaging to display, and how to handle all failure scenarios across platforms.