Can Apps or Websites Create Their Own Biometric Verification Systems?

WebAuthn might be your best bet for adding biometric authentication. It's smart to collaborate with engineers to see what's possible technically rather than trying to come up with a solution all on your own.

Once the user clicks 'Add Passkey', the app managing that passkey, like Bitwarden, will handle the process. Your app won’t get direct access to their vault—it just facilitates the integration. Just remember, for a website to handle Face ID or Touch ID directly, it'll still have to work through those third-party services.

Many companies I know use single sign-on with services like Okta, which offers secure one-time passcodes. There are likely off-the-shelf solutions that could help you implement what you're trying to achieve. You should definitely look into WebAuthn or check out guides on how to add fingerprint logins for websites.

It's generally better to let the operating system handle biometric verifications, like using its keychain. This way, the app can use standard username/password and the OS can save it securely, allowing authentication through biometrics instead of having to re-enter passwords. Trying to create a custom solution for biometrics could be unnecessarily complicated. If you're looking for more security beyond username/password, consider implementing two-factor authentication instead.