Biometric authentication feels like the obvious upgrade. No more remembering long strings of characters; just press your finger or look at your phone. The marketing leans into “you are the password.” But under the hood, biometrics swap one set of vulnerabilities for another, and several of the new ones are worse. For most threat models, biometrics are a convenience upgrade, not a security upgrade.
You can’t change your fingerprint
The single biggest structural problem with biometrics is irrevocability. If your password leaks, you change it. If your fingerprint or face template leaks, you have ten fingers and one face for the rest of your life. The 2015 OPM breach exposed the fingerprints of 5.6 million federal employees. Those people cannot rotate that credential. Once a biometric enters a breach corpus, it is a permanent liability for any system that ever accepts that biometric in the future. How much this matters in practice depends on where the data lives: a phone that keeps its templates on-device and never uploads them exposes far less than a central database of enrollment records, and the OPM case is the central-database case.
Spoofing is easier than people think
The film-and-glue era of fingerprint spoofing never really ended; it has been joined by photo-based face spoofing, reported mask attacks against early Face ID generations, and gelatin (“gummy bear”) fingerprint replicas that have defeated mass-market sensors in published research. Modern flagship phones are harder to fool than they used to be, but biometric sensors on cheaper devices, laptops, and door locks span a wide quality spectrum, and most consumers cannot tell a state-of-the-art sensor from a budget one. Note that a sensor’s advertised false-accept rate says nothing about this: it measures how often a different real finger or face is accepted, not how well the sensor resists a deliberate replica, which is a separate property (presentation attack detection) that vendors rarely quote.
Legal protections are weaker
Under U.S. case law, the legal status of a password and the legal status of a biometric are not the same. Courts have generally treated passwords as testimonial: you can invoke the Fifth Amendment to refuse to disclose one. Fingerprints and face scans have often been treated as physical evidence, closer to a key than to testimony, and courts have ordered defendants to unlock devices with them. The case law is still unsettled and varies by jurisdiction, but the asymmetry is real. Whether you care about it depends on your threat model; it is a meaningful difference that the marketing never mentions.
When biometrics actually help
Biometrics shine in one specific role: as a convenient additional factor alongside a password, not as a replacement for one. They are also genuinely useful for raising the floor on consumer behavior: a Face ID lock is dramatically better than no lock at all, which is what many people would otherwise have. The problem is not that biometrics exist; it is that they are marketed as a categorically superior replacement when they are a different trade-off.
The takeaway
Passwords are flawed, but they are rotatable and enjoy stronger legal protection, and when one leaks into a breach corpus you can retire it. Biometrics are convenient, impossible to forget, and reasonable as one factor in a multi-factor scheme. The honest framing is that biometrics belong alongside strong passwords and a password manager, not in place of them. Anyone using just Face ID with a four-digit fallback PIN has chosen the convenience version, not the secure one: the PIN is the real credential, and it is the weakest one on the device.