And given that "police" have access to your fingerprint and your token/card, then the only thing protecting you from self-incrimination is your password!
2018 news article: Hackers steal 1.8 million fingerprint records from BigBank
Great, so now they can use those fingerprints to log into every other system that also requires my fingerprint. I guess I'll just have to change it... oh wait
I don't think most fingerprint systems store actual fingerprints - think of it more like a hash, much like secure password storage. Stealing the data doesn't let you authenticate to other systems.
They store "minutiae" (sort of like keypoints) of the scanned fingerprints. As far as I know, there are no known methods of reliably hashing fingerprint/iris data.
The problem is the scanner/input device. Unlike a password, the "input" is not always constant in what it gives you. So the resulting "hashed" value is not something you can "hit" again in order to do matching.
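The two comments above (minutiae templates, and scanner input that is never quite constant) describe why biometrics cannot be protected the way password hashes are. The following constructed Python example is added here and is not from any commenter: it models a template as a 256-bit feature vector with a few bits of sensor noise per scan, and shows that a SHA-256 digest of the enrolled template never matches a fresh scan, while a Hamming-distance threshold does match, at the cost of keeping the raw template on the server.

```python
import hashlib
import random

# Constructed model: a "template" (stand-in for a minutiae set) is a
# 256-bit feature vector; each new scan of the same finger flips a few bits.
TEMPLATE_BITS = 256

def make_template(seed: int) -> int:
    """Deterministic constructed template for one finger."""
    return random.Random(seed).getrandbits(TEMPLATE_BITS)

def rescan(template: int, flips: int, seed: int) -> int:
    """Simulate a fresh scan of the same finger with `flips` bits of noise."""
    rng = random.Random(seed)
    for pos in rng.sample(range(TEMPLATE_BITS), flips):  # distinct positions
        template ^= 1 << pos
    return template

def digest(template: int) -> str:
    """Password-style storage: keep only a one-way hash of the input."""
    return hashlib.sha256(template.to_bytes(TEMPLATE_BITS // 8, "big")).hexdigest()

def hash_match(stored_digest: str, scan: int) -> bool:
    """Exact match only: any sensor noise changes the whole digest."""
    return digest(scan) == stored_digest

def fuzzy_match(stored_template: int, scan: int, max_distance: int) -> bool:
    """Biometric-style match: accept if Hamming distance is within tolerance.
    This needs the raw template stored, which is what a breach exposes."""
    return bin(stored_template ^ scan).count("1") <= max_distance

def demo() -> dict:
    enrolled = make_template(seed=1)
    same_finger = rescan(enrolled, flips=5, seed=2)
    other_finger = make_template(seed=3)
    return {
        # hashing the template fails for the legitimate user's next scan
        "hash_match_same_finger": hash_match(digest(enrolled), same_finger),
        # threshold matching accepts the noisy rescan of the same finger...
        "fuzzy_match_same_finger": fuzzy_match(enrolled, same_finger, 20),
        # ...and rejects an unrelated template (distance is around 128 bits)
        "fuzzy_match_other_finger": fuzzy_match(enrolled, other_finger, 20),
    }

if __name__ == "__main__":
    print(demo())
```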
While the article you linked to points out correctly why they aren't good as passwords, they also aren't good as usernames (though they may be good as an alternative by which a username is looked up, with a fallback to using the real username), since they can be destroyed.
Palm prints were used at a nuclear facility I visited as an alternative to fingerprints in step 2. After you scan your ID card you scan your palm print, and the system verifies the palm matches the one that is registered with the card. They are not as unique as fingerprints, but it makes it much more difficult to use someone else's card (or username).
I have massive issues with fingerprint systems like Apple Touch ID because of my eczema. Sometimes I have to retrain as often as once a week. I'm not alone with this problem; how exactly will these systems approach people with very real challenges with fingerprints, missing eyes and other issues?
I'm not offering this as a solution, but Touch ID reads subdermal features and therefore works on literally any exposed area of skin, not just your finger tips. People have tested with MANY parts of the body. (Seriously.) Perhaps you could use some other part of you to train the sensor?
Several banks here in Brazil have fingerprint readers in their ATMs. This makes at least two factors: what you have (the chip in your bank card, which also identifies you to the ATM) and who you are (the stored fingerprint). Depending on which operation you are doing, or on the amount of money involved, the ATM can also ask for the third factor (what you know): one or more of a numeric password, an alphabetic password (chosen from a group on the screen, so shoulder surfing just once isn't enough), the first/last three digits of your tax ID, your mother's/father's first name, and so on.
For phones, things aren't as advanced, though a bank manager told me that fraud happens more often when online banking is used on the computer, not on the phone. The phone is, in fact, often used as the second factor for online banking on the computer.
Passwords are the worst form of authentication, except for every other form.
If you want to ALLOW me to authenticate with biometrics, fine. But please for the love of security don't FORCE me to do it... And certainly don't make me use it without a second (non-biometric) form of authentication!
U2F is a good addition, but the current incarnations suffer from two issues.
First, most of us need access to our phones (no USB reader) and our computers (no NFC). Yubikey has a combo device, but it costs $50.
Second, they cost way too much given that most of us probably need two or three tokens in case we lose the primary one. $50 is fair enough for employees of large banks, but until they cost under $5 I doubt they'll take off for personal use.
If anyone knows of good value combined USB/NFC tokens, please enlighten all of us.
I've been down this road so many times and I always end up at the same conclusion. When you consider security, privacy, usability, and portability of each authentication system there are only two that are really viable. SSH keys OR Email/Password. Both of which have their flaws but have proven time and time again to be better than any of the alternatives that have been introduced over the years.
The Intel commercial with Jim Parsons exhorting the armored car driver to get a new, more secure laptop where "your face is your password" is definitely a cringeworthy moment, not just because of its ignorance, but because of how mainstream it is (plastered all over the NBA Finals).
"Who are you?" is the most expensive question in information technology. No matter how you get it wrong, you're fucked.
Passwords suck. But virtually everything else sucks far worse.
Biometrics, as many have already noted, 1) aren't passwords, 2) are usernames, 3) aren't universally present, 4) aren't immutable, 5) retain the problem of having to be stored as data to be verified, 6) aren't replaceable, and 7) can still be stolen, copied, faked, or otherwise misrepresented. At the very least. (Is there a "Myths programmers believe about biometric identifiers" page yet, because there needs to be one?)
Attesting to identity is a long-lived problem, though one that's changed through the ages largely in the scale of how many people it applies to and in what privileges are granted based on attested identity.
Absent some alternative of a convenient, replaceable, inexpensive, repudiable, and effective portable token of some sort, I don't think the identification problem is ultimately solvable.
Electronic data are fundamentally different from data on physical media. Electronic information tends, as Quinn Norton noted, to be deleted or public -- those are the only possible end-states.
(Arguably paper-based records do as well, though the ratio of deleted to public is far higher.)
Electronic information lacks mass, and the attributes of mass. It has no, or very, very little, inertia. It can be transmitted around the globe in a fraction of a second. Multi-gigabyte, approaching terabyte storage, is now possible on fingernail-sized devices.
Data transactions, unlike financial ones, aren't reversible. It's possible to reverse or undo a financial transaction. The seen cannot be unseen, the heard cannot be unheard. Backing out data disclosures is not possible.
The World Wide Web was created as an information distribution system, specifically for academics. It's been extended far past that, but the fit has quite often been very, very poor.
There's a strong benefit to in-person physical transactions. There's a very high locality cost: getting to, and being present in, a specific location will cost you. Current rates are approximately $0.50 per mile traversed, plus other considerations. Being present in multiple locations simultaneously (or even in brief time) is exceptionally difficult to arrange. Physical reality has high attack costs.
Data presents low attack costs, and increasingly, highly appealing targets.
Devices, systems, users, administrators, vendors, and more, all exhibit exceptionally poor practices.
As one comment on this thread states, "If this replaces passwords, I am quitting this industry to raise chickens in a cave." To which I respond: stay out of my cave.
I know this was meant as a joke, but with Touch ID, you can have up to 10 different "passwords", or 11 if you're the bane of Inigo Montoya. You could technically have ten more than that, but most people don't like having to remove their shoes to log in.
It's still not as good as the nearly infinite number of potential passwords, but it's not like there's only a single possible fingerprint for you to use.
"What you are" (fingerprints / faces)
"What you have" (a token/card)
"What you know" (a password)
are different things that you should add up for improved security, not trade one for the other.