A new pop-up appears during log-on asking for additional legitimation after fingerprint was verified. see attached. Then I can do both: provide the password or simply ignore and cancel without any limitations. How can I get rid of this extra step?
it might be asking to unlock the secret store (mainly used by chrome’s password manager and visual studio code for something or other)
afaik the fingerprint reader cant provide the encryption key (usually derived from your password and unlocked by a pam module on login)
does the popup appear after locking (not logging out) and authenticating with the fingerprint reader (assuming the password was entered at least once before)?
1 Like
It’s asking you to unlock the build-in keyring, which can only be unlocked with the password. I’d generally recommend to do the initial login always with the password (the same way Android always want the initial login after a reboot/update to be with the pin code instead of the fingerprint).
The fingerprint then works fine for sudo or unlocking a locked screen.
1 Like
Thanks for your prompt answers! I will use password to log-on instead of fingerprint, though.
in general linux fingerprint reader support is pretty janky (because pam still hasnt added the ability to try two different authentication methods concurrently, so your screen locker has to implement starting and managing multiple pam stacks itself or it must implement its own fingerprint reader support independent of pam). im not experienced in setting it up on gnome (im guessing gnome wants to always unlock the secret storage on login) - in my setup, i only have to provide the password to unlock it the first time an application requests it.