Disallow login using a fingerprint

Users with a fingerprint scanner can use their fingerprints instead of a password to log in. Fingerprint login needs to be set up by the user before it can be used.

Fingerprint readers are not always reliable, so you may wish to disable login using the reader for security reasons.

Disable login using a fingerprint reader:

  1. Create the user profile which contains the following lines:

    /etc/dconf/profile/user

    user-db:user
    system-db:local

    local is the name of a dconf database.

  2. Create the directory /etc/dconf/db/local.d/ if it does not already exist.

  3. Create the key file /etc/dconf/db/local.d/00-login to provide information for the local database.

    /etc/dconf/db/local.d/00-login

    # Specify the dconf path
    [org/gnome/login-screen]
    
    # Disable fingerprint reader
    enable-fingerprint-authentication=false
  4. To prevent the user from overriding these settings, create the file /etc/dconf/db/local.d/locks/login with the following content:

    /etc/dconf/db/local.d/locks/fingerprintreader

    # List the keys used to configure login
    /org/gnome/login-screen/enable-fingerprint-authentication
  5. Update the system databases:

    # dconf update
  6. Users must log out and back in again before the system-wide settings take effect.