[pgpony] $ download
// guide / biometric-lock-pgpony

How to set up biometric lock in PGPony.

About a minute to add Face ID, Touch ID, or fingerprint authentication on top of your passphrase protection. Convenience layer on top of existing security, hardware-backed where your device supports it.

~1 minute iOS / Android Device biometric required
// at a glance
  1. Settings tab
  2. Security section
  3. Toggle Face ID / Touch ID / Biometric Lock on
  4. Optionally enable Require for Decryption
  5. Test by closing and reopening PGPony
Prerequisites
  • A device with Face ID, Touch ID, or a fingerprint sensor
  • Biometric authentication already enrolled at the OS level
  • PGPony installed
// step 01

Open the Settings tab.

Open PGPony and tap the Settings tab — the gear icon at the bottom-right of the tab bar.

// step 02

Find the Security section.

Scroll to the Security section. On iOS, the toggle is labelled with your device's biometric type: Face ID Lock or Touch ID Lock, with the subtitle "Require authentication to open the app". On Android, the label is simply Biometric Lock.

// step 03

Enable the biometric lock.

Toggle {Face ID / Touch ID / Biometric} Lock on. PGPony immediately tests the biometric to confirm the OS-level enrollment works. Approve when prompted.

Optional second layer Directly below, the Require for Decryption toggle ("Re-authenticate each time you decrypt") adds a second biometric prompt at every decryption operation — even after the app is already unlocked. Worth turning on for high-stakes use where someone might briefly pick up your unlocked phone.
// step 04

Test it.

Close PGPony fully (swipe-up from the app switcher on iOS, remove from recents on Android). Reopen. The biometric prompt should appear before PGPony's contents are accessible. Failed biometric falls back to your device passcode or the key passphrase — you're not locked out of your own key.

Verify it worked.

  • Opening PGPony triggers the biometric prompt.
  • Failed biometric attempts fall back to passcode / passphrase (you\'re not locked out of your own key).

Common questions.

What if biometric fails?

PGPony falls back to device passcode or your key passphrase. Biometric is a convenience layer, not a replacement.

What does biometric protect?

Access to PGPony or to individual cryptographic operations, depending on configuration. Without it, anyone with your unlocked phone could open PGPony.

Does enrolling another face / finger weaken security?

Expands the set of biometrics that unlock PGPony to everyone enrolled in the device registry. Only enroll biometrics you trust.

Forced unlock?

Depends on jurisdiction. In some places, biometrics can be compelled while passphrases cannot. For that threat model, disable biometric and rely on passphrase only.

Does biometric replace the passphrase?

No. The passphrase still protects the underlying OpenPGP secret key. Biometric authorizes PGPony to unlock the local keychain entry. The key itself remains passphrase-protected.

Next steps.

Hygiene

Back up your private key
Hygiene

Rotate your PGP key safely
Use

Decrypt a PGP message

Get PGPony

Free OpenPGP encryption for iOS and Android. No accounts, no tracking.

Download on the App Store
Get it on Google Play