EN DE
VeilVault Logo

Documentation

Biometric Unlock

← Back to Docs Back to VeilVault →

Biometric Unlock

Biometric unlock is an optional convenience feature that allows faster access to VeilVault after initial authentication.

VeilVault is a security-first, offline-only password vault developed by CodeVeil.

Biometrics are designed to reduce friction, not to replace the master password.

Purpose

Biometric unlock exists to improve usability during normal, low-risk usage.

It allows users to unlock the vault more quickly after they have already established trust by setting a master password.

How Biometric Unlock Works (High-Level)

  • The master password remains the primary authentication factor
  • Biometrics act as a gate to unlock the vault during an active device session
  • All biometric verification is handled by the operating system

VeilVault does not access or store biometric data directly.

What Biometrics Do Not Do

Biometric unlock does not:

  • Replace the master password
  • Remove the need for the master password
  • Allow access if the master password is forgotten
  • Provide access after a vault wipe

The master password is always required for:

  • Initial vault creation
  • Importing a vault after reinstall
  • Changing the master password
  • Certain security-sensitive actions

Enrollment & Revocation

Biometric unlock must be explicitly enabled by the user.

Biometric access is automatically revoked when:

  • The master password is changed
  • The vault is wiped
  • The app determines biometric access is no longer safe

Re-enrollment requires confirmation using the master password.

Interaction with Decoy Mode

For safety reasons:

  • Biometric unlock is disabled after a decoy vault unlock
  • A real master password unlock is required before biometrics become available again

This prevents accidental access to the real vault after a decoy interaction.

Security Considerations

Biometrics rely on device-level security.

Their effectiveness depends on:

  • Device lock configuration
  • Hardware security features
  • Operating system integrity

VeilVault treats biometrics as a convenience layer, not as a cryptographic boundary.

Limitations

Biometric unlock cannot protect against:

  • A compromised operating system
  • Attacks while the vault is already unlocked
  • Coercion where the user is physically forced to authenticate

Users in high-risk environments should consider disabling biometric unlock.

Summary

  • Biometrics are optional and user-controlled
  • They never replace the master password
  • They can be revoked automatically for safety
  • They exist for convenience, not recovery or deniability

VeilVault prioritizes explicit trust boundaries over seamless automation.

← Back to Docs