[Albuca]

Well, yes and no. In the grand scheme of things, sure, there are more effective and secure methods of authentication. But like anything, you have to weigh security vs. usability. If you make things too secure (read: complex) then users won't use it.

There is also a huge difference between the $15 fingerprint reader you buy off of Amazon, and the "professional" scanner found in enterprise/secure devices (which in my experience, consist of a high resolution camera combined with software that detects (and looks for) movement of the finger on the scanner, "flattening" of the finger as its placed on the glass, among other things).

Further, there is the inherent need for someone (user or malicious person) to be on-site to present the biometric, as opposed 'remote' access using a username/password combination.

Like anything however, you also need to protect the core infrastructure, as well as the end-user interface. All authentication methods are useless if someone has direct access to the authentication server.

Just my $0.02