Laravel: Login users with their fingerprints

If you want to start developing with the package now, head to the [Larapass repository](https://github.com/DarkGhostHunter/Larapass) and install it in your application. However, if you would like to read about it in more detail, please read [this article](https://itnext.io/laravel-login-users-with-their-fingerprints-5161ecdca63b?source=friends_link&sk=91772c7921e864dfebee3f957fa6f677).

6 thoughts on “Laravel: Login users with their fingerprints”

  1. Quick question about CounterChecker; is this checking against a global count for the whole application (like a nonce), or a count per credential? Just thinking about high-concurrency and race conditions.

  2. I will repost my text from last month, as it’s clear many people still believe biometry is the (right) future.

    > I know science-fiction sold us biometric authentication, but there are inherent problems with that idea.

    > The first is that the authenticating factor cannot be changed (you can’t change your face or fingerprints at will, unlike a password). And it needs to be changeable, for when (not if) someone gets someone else’s auth data and a way to copy it. It doesn’t matter how secure your biometric authentication is: it really is a logical flaw.

    > Problem 2: your data is either stored or transmitted at some point, meaning you have to give possibly very personal info to another party. Imagine what a leak of fingerprints from a big company could do. People being framed for crimes they didn’t commit, etc. Some entities have a smart take on this, like some countries that store only a “fingerprint” of a fingerprint, not the fingerprint itself… but it’s still transmitted, hence storable (via a MITM or similar).

    > Problem 3: using a fingerprint to authenticate on a device you put your hands on all the time isn’t the smartest idea.

    > AFAIK, password+OTP remain the 2 serious, validated, authentication methods. KeepassXC is a password manager that handles OTP. Now maybe biometry could be used as a complement for critical, on premises / in-enterprise systems, but likely not as a generalized public tool.
