You can unlock your Chromebook or sign into eligible websites and apps with your fingerprint.
- Your fingerprint data is stored securely and never leaves your device.
- Your fingerprint data isn't shared with Google or any apps on your device.
- Apps are notified only whether your fingerprint was verified.
Cautions about fingerprints
Fingerprints are an easy way to unlock your device. But a fingerprint may be less secure than a strong password or PIN.
A copy of your fingerprint could be used to unlock your device. You leave fingerprints on many things you touch, including your device.
Fingerprint data is stored securely
Google has strict guidelines about how fingerprint data can be stored on your device.Security requirements for fingerprint hardware
Security requirements for fingerprint hardware
- A secure part of the hardware known as a Secure Biometrics Processor (SBP) captures and recognizes your fingerprint.
- Fingerprint data is secured within sensor hardware or trusted memory so that images of your fingerprint aren't accessible.
Secure storage and removal
- Only the encrypted form of the fingerprint data is stored on the file system, even if the file system itself is encrypted.
- Fingerprint data gets removed from the device when a user is removed.
- Even if the device gets rooted, fingerprint data isn't compromised.
- Google’s guidelines require fingerprint templates to be cryptographically authenticated. Fingerprint templates are processed versions of raw fingerprint images.
- Fingerprint templates must be signed with a private, device-specific key, like keyed-hash message authentication code (HMAC).This key must have the absolute file-system path, group, and finger ID, such that template files won't work on another device or for anyone besides the person who set them up on the same device. For example, it won't work to copy the fingerprint data from a different user on the same device or from another device.
- A device-specific encryption key, like Advanced Encryption Standard (AES), used for fingerprint data so that a raw image or fingerprint template isn't readable by a separate device.