# Reset authentication credentials
# Use case
Your end-user ends up in a position where they have no active second factor authentication method (neither PIN code nor biometrics) on their device.
This can happen if your end-user changes their biometrics on the device, and they have forgotten their PIN code. This results in a situation where they have a valid device, but no valid second factor authentication method.
When this happens, you want the process to reset the authentication credentials to be secure whilst still offering a positive and seamless user experience, and avoid the additional cost of having your end-user go through a full onboarding again.
If your end-user still has one active second factor (either PIN code or biometrics), then we recommend using this factor to reset the other second factor.
You can read more about this in the Add or Update sections of our SDK documentation in our Mobile Identity Partner Wiki (opens new window).
# How it works
Meet Jane, one of your active end-users who has activated MobileID in your mobile app. By mistake, Jane has reset her Face ID on her iOS device.
- Jane opens you mobile app. Since Jane has reset her Face ID, she can no longer use Face ID to authenticate herself. The app falls back to asking Jane to authenticate with her PIN code.
- Jane has forgotten her PIN code, and enters the wrong PIN three times.
- Your app then informs Jane that she is locked out. To reset the authentication credentials, Jane has to perform a Face Authentication.
- Jane starts by selecting a new PIN code.
- Jane completes a Face Authentication.
- Jane activates Face ID again.
Jane has now securely reset her authentication credentials, and can now easily access your services again.
Why Face Authentication instead of Face ID?
In some use cases, native biometrics such as Face ID will not work, and so server-side biometrics such as Face Authentication can be leveraged instead.
You can read about the differences between Face ID and Face Authentication in our feature documentation.
# What it looks like
The following diagram illustrates what it could look like to reset both the PIN code and Face ID with MobileID, from the perspective of your end-user.
To reset your end-user's authentication credentials, you can use our Face Authentication.
Face Authentication is a method that performs the face matching and liveness check on the server side. This allows you to perform Face Authentications when the PIN code and native biometrics do not work.
# Get access
Feature coming soon