I know with the lenovo's one of my friends was able to login using his fingerprints if he tried enough times. It's not really a secure method of authentication, but I guess if it's a home computer and you're not worried about that sort of thing then it could be handy.
To be honest a password is rarely that secure either and actually a combination of authentication methods based on the circumstances would be better for both business and home.
I've had a work Thinkpad with fingerprint sensor and would happily have used it in many situations over a password, despite the flaw you describe.
Its obviously not ideal that someone could repeatedly swipe the sensor and it would occasionally let them in by mistake (although I believe the TouchID sensor is more accurate/secure). However, when working in a busy office/site someone could quite easily overlook your password entry if they had nefarious intentions.
Given a choice between the two, I'd often feel more secure knowing it would take someone lots of repeated failed attempts in a busy office/site to gain entry. As that would likely draw more suspicion then someone managing to spy my password and then entering it to gain immediate entry.
The problem is people rarely change their password (and even if forced by policy just use simple to guess iterations), or take much care when entering their password. Even if you are particularly careful to obscure password entry, it can offend those around you. That can be a little bit tricky when its a client in particular.
The biggest problem I had with previous solutions was how unreliable they were at letting the right person in (i.e. detecting my fingerprint correctly), rather then letting the wrong person in
TouchID on the other hand has been great and I'm happily using it for a year now (and thats on a phone, where auth is done far more often). I'd happily ditch my current laptop, taking a significant hit in depreciation and jump in a new machine with TouchID.
Especially since Apple appear to be implementing TouchID in the correct way (the way it would work best for me

). Password is needed on boot up, too many failed attempts and password is required, they are looking like integrating it into general password control.
Implemented in the same way on a laptop could definitely improve security for most people IMO:
- For transport and longer absences from the machine shut it down (or suspend to non touchID mode) so a password is required.
- For short absences and repeated <suspend/resume/auth> cycles use touchID, keeping your password safe from prying eyes and encouraging you to choose a longer password as you don't need to enter it so many times.
- Provides a middle ground for storing passwords for auto entry. Some could be auto entered (the ones I don't really care about so much), some could require TouchID (the ones I want to be secure, but also want some convenience) and some are not saved at all as security is critical.
I hope they get around to adding it sooner rather then later
