(UPDATED) Bonus information:

We have been asked repeatedly about our implementation of biometric authentication in Trinity.

Biometric authentication is disabled on initial login as a security measure. Your seeds are stored behind two layers of encryption on your device; a decryption key is required to access them. Fingerprint/Face ID serves merely as a yes/no authentication request. This means that in order to have Fingerprint/Face ID on initial login, the seed decryption key would have to be stored on the device. This presents a security risk: if your phone is stolen and the decryption key is stored on your device, then it is possible for an attacker to extract your seed. In Trinity, however, the decryption key is not stored on the device. Instead, it is generated from your password. While inconvenient, typing in your password on initial load greatly improves the security of your seed.

Biometric authentication is, however, available on subsequent logins within the same app session. After 5 minutes of inactivity, Trinity will log you out. You can then use Fingerprint/Face ID to log back in. Unlike storing the seed permanently on the device, this does not pose a security risk. The information required to generate the seed decryption key is wiped from memory when the app is reset or your device is restarted. To gain access to the decryption key, the attacker would first have to root/jailbreak the device and, in doing so, would wipe the decryption key from memory. This is one of the many reasons why we advise you NEVER to use Trinity on a rooted/jailbroken device: it makes it far easier for an attacker to steal your seed.
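
The two paragraphs above (key generated from the password, biometrics as a yes/no gate within a session) can be modelled as follows. This is an added example, not Trinity's code: scrypt, AES-256-GCM, the single encryption layer, holding the derived key itself in memory, and all function and class names are assumptions made for illustration, and the sample seed is constructed.

```javascript
// Added example, not Trinity's code. scrypt and AES-256-GCM are assumptions;
// the page does not name the KDF or cipher Trinity uses.
const crypto = require('node:crypto');
const SAMPLE_SEED = 'CONSTRUCTED9SAMPLE9SEED9NOT9REAL'; // constructed value

// Derive the 256-bit key from the password; only the salt is ever stored.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Returns the record written to device storage: salt, IV, tag, ciphertext.
function lockSeed(seed, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(seed, 'utf8'), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Decrypt with an already-derived key; returns null if the key is wrong.
function openWithKey(record, key) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM tag mismatch: wrong password or tampered record
  }
}

// In-session state: the key exists only in memory after a password login.
class Session {
  constructor(record) { this.record = record; this.key = null; }
  loginWithPassword(password) {
    const key = deriveKey(password, this.record.salt);
    if (openWithKey(this.record, key) === null) return false;
    this.key = key;
    return true;
  }
  // Biometrics answer only yes/no; they help only while a key is in memory.
  readSeed(biometricOk) {
    if (!biometricOk || this.key === null) return null;
    return openWithKey(this.record, this.key);
  }
  // App reset or device restart: overwrite and drop the in-memory key.
  reset() { if (this.key) this.key.fill(0); this.key = null; }
}
```

A successful biometric check before any password login returns nothing, because the stored record holds no key for it to release.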