biometric solutions can only complement password authentication, and should not replace them. fingerprints have been repeatedly shown to be spoofed with unreasonably low effort from the privacy point of view, we're obliged to to store only the minimum of personal data, and biometrics is clearly sensitive personal data (=the most protected category). Should you choose to pursue this project despite the above concerns, make sure you respect both Our Privacy Standard and the regulations of the respective country. As a minimum, you should expect the need for: Privacy Impact Assessment of your solution (being sensitive personal data, biometrics puts you into highest protection level...), documented, informed consent of the individual (including full statement on how the data will be used, which parties will have access to it, cross-country transfers etc.). This BTW means your solution should only be offered on opt-in basis, which will likely weaken your business case. The user also needs to have an option to withdraw his consent, which should result in the auditable deletion of his biometric data on all devices where it's stored. auditable guarantee that this data will be used only for the stated purpose. auditable encryption of data at rest on each device, and in transit. All of these can be overcome -- just make sure you don't neglect them. I don't want to discourage you from pursuing an improvement here. We just need to make sure the solution is robust both from the security, technical and legal point of view -- and still be more practical than AMIGO PM. It's simply an area where a quick hack may not suffice.