LinuxCommandLibrary

fprintd-delete

Remove a fingerprint from the system

TLDR

Remove all fingerprints for a specific user

$ fprintd-delete [username]

Remove a specific fingerprint for a specific user

$ fprintd-delete [username] [[-f|--finger]] [left-thumb|left-index-finger|left-middle-finger|left-ring-finger|left-little-finger|right-thumb|...]

Display help

$ fprintd-delete

SYNOPSIS

fprintd-delete [OPTIONS] [FINGER_ID]
fprintd-delete --all [OPTIONS]

PARAMETERS

-u, --user USER
    Specifies the user whose fingerprints are to be deleted. If omitted, the command operates on the fingerprints of the current user.

FINGER_ID
    The unique identifier of the specific fingerprint to be deleted. If this is omitted and --all is not used, the command may list available fingerprints and prompt for selection.

--all
    Deletes all enrolled fingerprints for the specified user (or the current user if --user is not provided).

-h, --help
    Displays a help message and exits.

--version
    Shows version information and exits.

DESCRIPTION

fprintd-delete is a command-line utility for managing biometric data within the fprintd (Fingerprint Daemon) framework. It allows users or administrators to securely remove previously enrolled fingerprints from the system. Typical uses are maintaining privacy, removing outdated or compromised prints, and reconfiguring biometric authentication. It supports deleting specific fingerprints by their ID or removing all enrolled prints for a specified user. Proper permissions are required to operate this command, especially when managing fingerprints for users other than the current one.

CAVEATS

  • Permissions: Deleting fingerprints for other users typically requires root privileges (e.g., using sudo).
  • Irreversible: Once a fingerprint is deleted, it cannot be recovered. It must be re-enrolled using fprintd-enroll.
  • Service Status: The fprintd daemon must be running for this command to function correctly.
  • Fingerprint IDs: The FINGER_ID argument might be session-specific. It is generally safer to use the interactive prompt or the --all option to avoid errors due to changing IDs after reboots or service restarts.

INTERACTIVE DELETION

If no FINGER_ID is provided and --all is not used, fprintd-delete may prompt the user to select which fingerprint to delete from a list of currently enrolled prints, providing a user-friendly way to manage individual prints.

SECURITY IMPLICATIONS

Regularly deleting old or unused fingerprints is a good security practice, especially if a fingerprint sensor is replaced or if there's any concern about the integrity of biometric data. This helps minimize the attack surface related to stored biometric identifiers.
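The script below is an added example, not part of the original page or the fprintd project. It removes every print for one account using the `fprintd-delete [username]` form from the TLDR section, then re-lists to confirm nothing remains, reporting the failure cases named under CAVEATS. It assumes the companion tool fprintd-list is installed and prints one " - #N: finger-name" line per enrolled finger; `purge_user`, `enrolled_fingers` and the `FPRINTD_*` variables are names chosen for this example.

```shell
#!/bin/sh
# Added example: delete all prints for a user, then verify the result.
# Assumption: fprintd-list prints lines such as " - #0: right-index-finger".
FPRINTD_LIST=${FPRINTD_LIST:-fprintd-list}
FPRINTD_DELETE=${FPRINTD_DELETE:-fprintd-delete}

# Read fprintd-list output on stdin, print one finger name per line.
enrolled_fingers() {
    sed -n 's/^ *- #[0-9][0-9]*: *\([a-z-][a-z-]*\) *$/\1/p'
}

# purge_user USER
# Returns 0 when no prints remain, 1 when prints survive the delete,
# 2 when a tool fails (daemon not running, missing privileges, bad usage).
purge_user() {
    user=$1
    [ -n "$user" ] || { echo "usage: purge_user USER" >&2; return 2; }

    before=$("$FPRINTD_LIST" "$user") || {
        echo "cannot list prints for $user (is fprintd running?)" >&2
        return 2
    }
    fingers=$(printf '%s\n' "$before" | enrolled_fingers)
    if [ -z "$fingers" ]; then
        echo "$user: no fingerprints enrolled"
        return 0
    fi

    # Deletion is irreversible, so record what is about to be removed.
    echo "$user: removing:" $fingers
    "$FPRINTD_DELETE" "$user" >/dev/null || {
        echo "delete failed for $user (root is needed for other users)" >&2
        return 2
    }

    # Do not trust the exit status alone: list again and check.
    left=$("$FPRINTD_LIST" "$user" | enrolled_fingers)
    if [ -n "$left" ]; then
        echo "$user: still enrolled after delete:" $left >&2
        return 1
    fi
    echo "$user: all fingerprints removed"
}
```

Source the file and call `purge_user alice` (with sudo when acting on another account); the non-zero return codes make it usable as a step in an offboarding or sensor-replacement runbook.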

HISTORY

The fprintd project, which includes fprintd-delete, was developed to standardize fingerprint reader support and integrate biometric authentication seamlessly into Linux desktop environments and system-wide authentication. It provides a common API for different fingerprint hardware and a daemon to manage enrolled prints, addressing the previous fragmentation in Linux fingerprint support.

SEE ALSO

fprintd(8), fprintd-enroll(1), fprintd-verify(1), pam_fprintd(8)
