
Shouldn't the app storing the private key be protected by a 4-digit PIN, or a fingerprint, both of which are less secure than a plain old password? What have we achieved?


If it requires physical access to the device to enter the four-digit PIN or scan a fingerprint, that would be a substantial step up from passwords, which could be used from anywhere in the world.


The PIN code can be easily registered by one of the ubiquitous security cameras.

Fingerprints can be lifted from photos where your hand is in frame. And no, you can't change fingerprints after they are compromised.


> it requires physical access to the device

Reducing your attack surface to the people who can/are willing to gain physical access to your device to use a passkey is orders of magnitude smaller than a password that can be taken and used from anywhere in the world, without having to get up from their computer.

If someone really wanted to gain access to something of yours, they could take you and your family hostage and force you, but that is an incredibly small attack surface. "What we have accomplished" is shrinking the attack surface, not perfect security.


The use of biometrics as a password sounds like a bad idea.

Angela Merkel and Ursula von der Leyen are examples of this, fingerprints and iris scans lifted from mere photos.

In some countries it is even mandatory to store citizens' fingerprints and photos, or they are taken at airports, which makes biometrics almost public.

Besides, having all the logins under a single PIN on a device that can be lost or stolen sounds just as bad; soon people will be encouraged to store them online to avoid it (trick-or-treat).


> Fingerprints can be lifted from photos where your hand is in frame.

Or used with your own fingers while you have been drugged or have passed out drunk.


A PIN or fingerprint isn't necessarily less secure than a password (and can in fact be much more secure).

In any case, nobody is stopping you from using a password-secured implementation! I do that myself on some of my devices.


It's a 6-digit PIN, but it's safer because it's backed by a hardware token or secure element which limits the attempts to 5 or 10 tries before locking itself.
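As an added illustration of what the attempt cap buys (this is not code from the commenter or from any device vendor): a model of a PIN gate that hard-locks after a fixed number of consecutive failures, plus the resulting upper bound on an attacker's odds. The 6-digit PIN and the lockout threshold are constructed values; real secure elements typically also wipe the protected key on lockout.

```python
"""Try-limited PIN gate in the style of a secure element or hardware token.

Constructed model for illustration: the enrolled PIN, the try cap and the
sweeping attacker are all made up here, not taken from any real device.
"""
import hmac
from dataclasses import dataclass


@dataclass
class PinGate:
    """PIN check that locks permanently after `max_tries` consecutive misses."""
    pin: str                 # enrolled PIN, held inside the element
    max_tries: int = 10      # consecutive wrong guesses tolerated
    failures: int = 0
    locked: bool = False

    def verify(self, guess: str) -> bool:
        if self.locked:
            return False      # even the right PIN is refused once locked
        # constant-time compare so timing does not reveal matching digits
        if hmac.compare_digest(self.pin.encode(), guess.encode()):
            self.failures = 0  # a success resets the counter
            return True
        self.failures += 1
        if self.failures >= self.max_tries:
            self.locked = True  # real hardware would also erase the key here
        return False


def brute_force_success_probability(digits: int, tries: int) -> float:
    """Best case for the attacker: `tries` distinct guesses over 10**digits PINs."""
    space = 10 ** digits
    return min(tries, space) / space


def simulate_sweep(gate: PinGate, digits: int = 6) -> dict:
    """Attacker tries every PIN in ascending order until success or lockout."""
    attempted = 0
    for n in range(10 ** digits):
        if gate.locked:
            break
        attempted += 1
        if gate.verify(f"{n:0{digits}d}"):
            return {"attempted": attempted, "cracked": True}
    return {"attempted": attempted, "cracked": False}


if __name__ == "__main__":
    gate = PinGate(pin="493817", max_tries=10)  # constructed PIN
    print(simulate_sweep(gate))                  # lockout after 10 guesses
    print(brute_force_success_probability(6, 10))
```

Compare this with an online password guess that is not throttled: the sweep above stops at the try cap, so the attacker's odds never exceed `tries / 10**digits` no matter how much time they have.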



