[dpark]

So there are two things I would like to address. First, fingerprints do not need to be cryptographically secure to be sufficient for a great many purposes. As you noted, a house lock can be picked in seconds by someone with moderate skill and yet they are sufficient for physical security on most cases.

Second, and more important, we need to stop pretending that passwords actually work well when we have these sorts of conversations. The reality is that most people reuse the same passwords everywhere and when they are forced to use secure/unique passwords they cope by doing things like writing them down on sticky notes attached to their monitors. The reality is that most people are probably using a compromised password for their bank access because they used the same password on a dozen sites that have been compromised. When we compare fingerprint security to passwords, we need to stop comparing it to the mythical unique passphrase because essentially no one is using that.

I'll also point out that copying someone's fingerprint when they cooperate by taking a clay mold is quite different from lifting a fingerprint off, e.g., a glass. But nonetheless, I do not dispute that it is quite feasible to clone fingerprints.