# O3.13 Ensure that biometric authentication is not mandatory

{% tabs %}
{% tab title="Principle" %}
[O3 Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design)
{% endtab %}

{% tab title="Risk" %}
[RS1 Privacy Vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety)

[ ](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety)[SV4 Technical shortcomings](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities)

[RI3 Exclusion](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-inclusion) 
{% endtab %}

{% tab title="Life Cycle Stage" %}
[L2 Strategy and Design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/responsible-authorities/r3-donor/l2-strategy-and-design-old)
{% endtab %}
{% endtabs %}

## Practices

> * Implement policies that offer users alternative authentication methods besides biometrics, such as passwords, tokens, or multi-factor authentication, to ensure user choice and privacy.
> * Setting up the system and onboarding users has to happen in a proportionate and efficient manner that takes into account the existance of civil registries.
> * Storage of biometrical information on a central server requires prior explicit consent from the user. Biometrical information has to be specially protected.

## Resources

<table data-view="cards"><thead><tr><th></th><th></th><th></th></tr></thead><tbody><tr><td></td><td><mark style="color:yellow;"><strong>Case Study</strong></mark></td><td>( to come soon..)</td></tr><tr><td></td><td><mark style="color:yellow;"><strong>References</strong></mark></td><td></td></tr></tbody></table>