PIN should not count as a biometric device for UserConsentVerifier
The documentation for UserConsentVerifier says that it:
> Checks for availability of a biometric (fingerprint) verifier device and performs a biometric verification.
However, if you have a PIN on your system, it treats that as a biometric device as well. This is not what the documentation indicates. UserConsentVerifier should not treat a PIN as a biometric device. It might make sense to have another method alongside RequestVerificationAsync that allows consent verification via PIN or password, but there needs to be a way to request biometric-only consent verification.
Ramez Snober commented
Currently the user has the option to use PIN code and ignore using the more secure method which is biometric login (using fingerprint or face recognition....) that totally remove the advantage of the existing biometric device.
Please allow the developer to force the user to use real biometric login method, and make the API inform the app in case no real biometric method exist.
btw: sergey is one of the developers of one of the most popular password apps. So, Mircosoft, Listen up !
Sergey Galich commented
Some degree of control in what verification options are desired is definitely welcome in API. And would be nice to include Picture Password into consent verifier as well.