Ironically, biometrics are probably your best defense from intrusion. The government can have your password/passcode in 5 minutes just by calling Apple/Google/Verizon/AT&T/etc, but biometrics require that they physically obtain your device in order to get into it. Furthermore, biometrics aren't used for anything that can be exploited presently. A thief can't just email your bank a copy of your thumbprint and clear out your account...no institution would ever accept anything other than you being physically present to enter your print. I often wonder if the people warning us about the perils of the fingerprint scanner actually believe what they say, or merely want the rest of us to believe it. Fact of the matter is, even if the government could figure out a way to "use" your prints it would mean that they wouldn't even need to bother as they would probably already have all the info about you that they wanted.
----------
LOL. Good point. Hell, if the government really wants your fingerprint and if you've ever touched a doorknob...guess what?
Biometrics are currently being used for the wrong pieces of the security puzzle.
There are 3 aspects of security that need to be handled.
Identification - Who do I say I am?
Authentication - Can I prove it?
Authorization - What am I allowed to do?
Biometrics are passable when used as part of a system for Identification, *bad* for Authentication, and *worthless* for Authorization. Current systems try to use biometrics for combined Identification and Authorization.
The reason to not use biometrics as your *sole* identification factor is pretty simple. It's damned easy to replicate biometric signatures for the vast majority of systems out there.
Fingerprints are simple, just pick up a glass that the person has touched, and you can use the latent prints to create a 3D fingerprint that will fool virtually every fingerprint reader out there. It doesn't even take any exotic materials for all but the best of them. (I'm talking gelatin that you can buy at the local grocery store.) Iris scans are better, but have still been broken with high-resolution images, despite the fact that they are supposed to require the pulse of blood flow through the iris to work.
But why not use them for Authentication?
Because once it's been replicated it can never be changed! Imagine a password that you can set to anything you want, but you can never change it again. If someone manages to guess it *once*, your accounts will be compromised until the end of time. Fingerprints give you up to 9 do-overs over the course of your entire life, assuming you never lose or significantly damage a fingertip. Iris or retinal scans only give you 1 do-over.
This is also why biometrics are only passable for Identification if they are used as *part* of an Identification system.