Biometric Unlock
Unlock the local credential vault with your platform biometric — Touch ID / Face ID or Windows Hello / fingerprint — instead of retyping the master password every time.
Overview
The credential vault is protected by a master password. Biometric unlock lets you open it with the platform's biometric authenticator so you get vault security without the friction of retyping a long passphrase on every launch.
How It Works
Biometric unlock uses the operating system's secure authenticator. The biometric check gates access to the vault key material on the device; your fingerprint or face data never leaves the OS and is never sent anywhere. The vault itself remains encrypted with AES-256-GCM as described in Credentials: Vault.
Availability depends on the platform and hardware (Touch ID / Face ID on macOS, Windows Hello / fingerprint on Windows).
Enabling & Disabling
Enable biometric unlock from the vault settings; you confirm with the master password once to authorize it. You can disable it at any time, which falls back to master-password unlock only.
Keep your master password. Biometric unlock is a convenience over the master password, not a replacement — you still need the password for recovery and on devices without a biometric authenticator.
Q&A
- Q: Does my fingerprint/face data go to NetStacks?
- A: No. Biometric matching is done by the OS; NetStacks only receives a yes/no unlock result.
- Q: What if biometrics fail or are unavailable?
- A: Unlock with the master password as usual.