Authentication & Access Control | Complexity: medium | Status: extracted | Confidence: 100% | Components: 3 | Shared: 39 | User Stories: 0 | Analyzed: Yes

Description

After completing initial full authentication, the mobile app offers biometric unlock for subsequent sessions. Face ID on iOS or fingerprint recognition on Android verifies the user locally on-device, then exchanges the stored refresh token for a new access token without requiring credential re-entry. This reduces session friction to a single scan, critical for peer mentors who open the app frequently during field visits. Full credential re-authentication remains available as a fallback and is required after token revocation or 30 consecutive days of inactivity.

Analysis

Business Value

Biometric login directly addresses the usability needs of peer mentors with motor impairments or limited digital confidence - the user populations highlighted across all three workshop organizations. A one-touch login removes password entry friction in the field, increasing the likelihood that activities are logged immediately rather than deferred and forgotten, which is the core underreporting problem the platform is built to solve. Because the biometric check happens entirely on the device and no biometric data reaches the server, it adds no server-side complexity or data-sensitivity risk, making this a high-value improvement with low implementation risk relative to the user impact it delivers.

Implementation Notes

Implemented in Flutter using the local_auth package, which wraps iOS LocalAuthentication and Android BiometricPrompt. Biometric data never leaves the device; the check simply unlocks access to the stored refresh token in Flutter's platform secure store (Keychain on iOS, Keystore-backed on Android). On successful biometric verification the app calls POST /auth/refresh to obtain a new access token. Enrollment is offered after first successful full login and can be revoked in Settings. Re-authentication with full credentials is enforced after session revocation, device re-enrollment, or 30 consecutive days of inactivity to maintain security hygiene.
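The unlock flow described above, as an added illustration rather than the project's own code: a biometric prompt via local_auth gates reading the stored refresh token, the token is exchanged at POST /auth/refresh, and a 401 or a 30-day gap since the last successful refresh clears the enrollment so the UI falls back to full credential login. The storage keys, the `baseUrl` parameter, and the `refresh_token`/`access_token` JSON field names are assumptions about the API, not taken from the page.

```dart
import 'dart:convert';
import 'package:flutter/services.dart' show PlatformException;
import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:http/http.dart' as http;
import 'package:local_auth/local_auth.dart';

class BiometricSession {
  BiometricSession({required this.baseUrl})
      : _auth = LocalAuthentication(),
        _store = const FlutterSecureStorage(); // Keychain / Keystore-backed
  final Uri baseUrl; // assumed API origin, e.g. https://api.example.test
  final LocalAuthentication _auth;
  final FlutterSecureStorage _store;
  static const _refreshKey = 'refresh_token';   // assumed storage key
  static const _lastUseKey = 'last_refresh_at'; // assumed storage key
  static const inactivityLimit = Duration(days: 30);

  /// Returns a fresh access token, or null when the caller must fall back
  /// to full credential login (no enrollment, stale, cancelled, or revoked).
  Future<String?> unlock() async {
    final refresh = await _store.read(key: _refreshKey);
    final lastUse = DateTime.tryParse(await _store.read(key: _lastUseKey) ?? '');
    if (refresh == null || lastUse == null ||
        DateTime.now().toUtc().difference(lastUse) > inactivityLimit) {
      await forget(); // missing or 30+ days idle: require full re-authentication
      return null;
    }
    bool ok = false;
    try {
      if (!await _auth.isDeviceSupported()) return null;
      ok = await _auth.authenticate(
        localizedReason: 'Unlock to continue',
        options: const AuthenticationOptions(biometricOnly: true, stickyAuth: true),
      );
    } on PlatformException {
      return null; // lockout, not enrolled, etc.: fall back, keep enrollment
    }
    if (!ok) return null; // user cancelled or scan failed
    final resp = await http.post(baseUrl.resolve('/auth/refresh'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'refresh_token': refresh}));
    if (resp.statusCode == 401) { await forget(); return null; } // revoked server-side
    if (resp.statusCode != 200) return null; // transient failure: keep enrollment
    final body = jsonDecode(resp.body) as Map<String, dynamic>;
    final rotated = body['refresh_token'] as String?; // rotation, if the server issues one
    if (rotated != null) await _store.write(key: _refreshKey, value: rotated);
    await _store.write(key: _lastUseKey,
        value: DateTime.now().toUtc().toIso8601String());
    return body['access_token'] as String;
  }

  /// Clears the enrollment; called on revocation, inactivity, or from Settings.
  Future<void> forget() async {
    await _store.delete(key: _refreshKey);
    await _store.delete(key: _lastUseKey);
  }
}
```

The local inactivity timestamp only improves the user experience; the 30-day and revocation rules must also be enforced by the refresh endpoint itself, since the on-device check can be skipped on a compromised handset.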

Components (42)

User Interface (1)

Service Layer (2)

Shared Components

These components are reused across multiple features

User Stories

No user stories have been generated for this feature yet.