Over the past year or so, I’ve been adding “fingerprint sensor” to the specs of new Chromebooks. Obviously, if the device doesn’t have one, I don’t put it in the specs. But more Chrome OS devices are coming with a fingerprint sensor, even lower-priced devices like the HP Chromebook x2 11, which is on sale for $349. There’s a functionality problem though. And because of that, I think a fingerprint sensor needs to do more than it does today.
The Chromebook fingerprint sensor problem explained
Essentially, a Chromebook fingerprint sensor does one thing and one thing only right now. It lets you log in to or unlock (OK, that’s two very similar things) your laptop. And while that is extremely useful, there’s more it could be doing.
I have a Windows laptop with a fingerprint sensor, for example. It too lets me log into the operating system or unlock the computer. And since I do one or both of those activities many times a day, that’s where I can save time. The same holds true of a Chromebook with a fingerprint sensor.
On the Windows device, however, that fingerprint sensor works with other applications that verify security.
The best example is 1Password, which is my password manager of choice. I recently switched to this app as I didn’t want to keep my online credentials in the cloud with Apple and Google.
When I need to unlock my 1Password account to fill in web or app credentials, I use the fingerprint sensor on my Windows laptop. But on the Chromebook, I have to manually type my master password to do the same thing. Even if the Chromebook has a fingerprint sensor, I still have to do the typing.
It would clearly be so much easier to tap my finger to the sensor and have my credentials automatically populated in a split second. And as much as I log in to or unlock a Chromebook daily, I enter passwords many, many times more each day. So this is a big pain point for me personally.
My password manager is just one example though and I’m sure there are others. I don’t know of any third-party apps or services that use the fingerprint sensor of a Chromebook for authentication. I could be wrong, so if you know of one, let me know.
So what’s the difference here between the implementations on Chrome OS?
I can think of two.
One is that Google has built the Chromebook fingerprint sensor solution into Chrome OS and hasn’t opened it up to any third parties. As a result, it’s only programmed to work with the Chrome OS lock screen.
The second is that any of the third-party apps or services on a Chromebook are typically just Chrome browser extensions. I have the 1Password desktop app on my Windows device. But I have the 1Password extension on my Chromebook. And I don’t know if an extension can access the device hardware layer at a level including a fingerprint sensor. If that’s the case, then I don’t ever see this situation changing.
My hope is that in the future, Google works with third-party software vendors to expand the use of a Chromebook fingerprint sensor. Because right now, it’s just a fancy way of doing one thing, when it could do so much more.
8 thoughts on “The Chromebook fingerprint sensor needs to do more”
“And I don’t know if an extension can access the device hardware layer at a level including a fingerprint sensor. If that’s the case, then I don’t ever see this situation changing.”
Yes a web app can access hardware using APIs such as Web USB and Web Serial etc. Google pioneered these standards. However it would depend on how the fingerprint sensor is implemented. If it has the security built in then that’s useful because the authentication is done by the device, however there would be the question of whether a web app could snoop fingerprint tokens for logging into the laptop. It would be much better if Google abstracted the fingerprint device into a virtual device, and did the security authentication processing generating a signed token with the TPM chip, and then exposing that service as a virtual USB device so that web apps can consume it
Sounds like something that would benefit everyone if Google and developers could find a way to make it happen. The MS Outlook app on my Samsung smartphone logs me in with my fingerprint on the screen. The SafeInCloud app does the same thing. Sure beats 2FA. So technically, a fingerprint reader doesn’t need to be a separate button. Would be nice if Chromebooks were also able to scan your fingerprint from the screen just like a smartphone.
This is exactly the reason I moved my wife’s primary laptop from Chrome OS after 5 years to a Windows 10 laptop with biometrics. Logging into LastPass is much easier now including filling up credit card numbers. It’s amazing how much a trillion dollar company like Google is failing to implement in Chroma OS, and the irony is someone pointed above that Google was the one that pioneered the web APIs for access to biometrics through the browser.
I think people would be amazed by the small team sizes Google have working on Chrome OS. It sure could do with more effort from Google both technically and marketing wise. Rather than just hopping everything will work out if they just plod along as they are.
Sometimes Google just has too big an ego and thinks it’s up to the consumer to workout how great their products are, rather than pushing harder marketing wise and new features wise (stable versions rather than beta for years and years.)
Google has virtually zero experience of selling things direct to consumers for actual proper money in the way Apple has. If that doesn’t change it’s easy to see so many Google products just fail.
WebAuthn is supported on Chromebooks with fingerprint readers, for web sites that support it (like GitHub).
If your Chromebook does not have a fingerprint sensor you could get the same security by using a Yubikey that is supported on some web sites and use your finger on the key to open the site.
Why can I use my phone to unlock after a reboot but not the fingerprint sensor?
Very very good point. My major disappoint with getting a finger print reader on my X2 11