If you want the package to start developing now, head to the [Larapass repository](https://github.com/DarkGhostHunter/Larapass) and install it in your application. However, if you would like to read it in more details please read [this article](https://itnext.io/laravel-login-users-with-their-fingerprints-5161ecdca63b?source=friends_link&sk=91772c7921e864dfebee3f957fa6f677).
6 thoughts on “Laravel: Login users with their fingerprints”
Wow this is awesome dude!
Great job, hope you keep it updated.
Quick question about CounterChecker; is this checking against a global count for the whole application (like a nonce), or a count per credential? Just thinking about high-concurrency and race conditions.
Is it possible to add this to my already existing passport auth? So I have both passwords and fingerprints
I will repost my text from last month, as it’s clear many people still believe biometry is the (right) future.
> I know science-fiction sold us biometric authentication, but there are inherent problems with that idea.
> The first is that the authenticating factor cannot be changed (you can’t change your face or fingerprints at will, unlike a password). And it needs to be changeable, for when (not if) someone gets someone else’s auth data and a way to copy it. It doesn’t matter how secure your biometric authentication is : it really is a logical flaw.
> Problem 2 : your data is either stored or transmitted at some point, meaning you have to give possibly very personal info to another party. Imagine what a leak of fingerprints from a big company could do. People being framed for crimes they didn’t commit, etc. Some entities have smart take on this, like some countries that store only a “fingerprint” of a fingerprint, not the fingerprint itself… but it’s still transmitted, hence storable (via a MITM or similar).
> Problem 3 : using a finger print to authenticate on a device you put your hands on all the time isn’t the smartest idea.
> AFAIK, password+OTP remain the 2 serious, validated, authentication methods. KeepassXC is a password manager that handles OTP. Now maybe biometry could be used as a complement for critical, on premises / in-enterprise systems, but likely not as a generalized public tool.