Nearly all biometrics, except for physically invasive ones, are easily stolen.
All are forgeable.
Biometrics can never be revoked once compromised.
They're like the social security number of logins. Completely useless.
Using biometrics for security or identity violates practically every rule for secure credentials. They exchange convenience for extremely minimal security.
Perhaps the oft-cited username, not a password?
No, not even useful for that: for a mobile phone, a username isn't even needed in most cases because there's usually only one user on the device. It lends no additional security -- merely an extra step.
For a phone, a fingerprint is probably less secure than a swipe pattern.
It's security theater. Why do we keep equating biometrics with security?
For most people biometrics offer a better security posture than some of the alternatives.
The average user is at much greater risk of someone watching them enter a PIN/Password than having them capture and forge their biometrics.