Reset authentication credentials

Use case

Your end-user ends up in a position where they have no active second-factor authentication method (neither PIN nor biometrics) on their device.

This can happen if your end-user changes their biometrics on the device, and they have forgotten their PIN. In this situation, the end-user has a valid device, but no valid second-factor authentication method.

When this happens, you want the process for resetting the authentication credentials to:

  • Be secure.
  • Offer a positive and seamless user experience.
  • Avoid the additional cost of having your end-user go through a full onboarding again.

Active second-factor authentication method

If your end-user still has one active second-factor authentication method (either PIN or biometrics), then we recommend using this factor to reset the other second factor.

You can read more about how to do this in the Add or update sections of our Android and iOS SDK documentation.

How it works

Meet Jane, one of your active end-users who has activated MobileID in your mobile app. By mistake, Jane has reset her Face ID on her iOS device.

  1. Jane opens your mobile app. Since Jane has reset her Face ID, she can no longer use Face ID to authenticate herself. The app falls back to asking Jane to authenticate with her PIN.
  2. Jane has forgotten her PIN, and enters the wrong PIN three times.
  3. Your app then informs Jane that she is locked out. To reset the authentication credentials, Jane has to perform a face authentication.
  4. Jane starts by selecting a new PIN.
  5. Jane completes a face authentication.
  6. Jane activates Face ID again.

Success!

Jane has now securely reset her authentication credentials and can easily access your services again.

Why face authentication instead of Face ID?

In some use cases, native biometrics such as Face ID will not work, and so server-side biometrics such as face authentication can be leveraged instead.

You can read about the differences between native and server-side biometrics in our Face authentication feature documentation.

What it looks like

The following diagram illustrates what it could look like to reset both the PIN and Face ID with MobileID, from the perspective of your end-user.

Diagram showing end-user flow for resetting authentication credentials


How to implement

To reset your end-user's authentication credentials, you can use our face authentication feature, which introduces an authentication method that uses server-side biometrics.

It performs a two-second facial scan with 3D Liveness Check and 3D Face Matching on each authentication. This allows you to perform face authentications when the PIN and native biometrics do not work.

To learn about our face authentication, how to implement it and how to test it, see our Face authentication feature documentation.