Good passkeys also should only exist to be checked on the device. Fingerprints can be in databases and on the device itself. Not sure how fingerprint scanners react to replicated fingerprints, but the right people can probably replicate them pretty well. I would only consider a fingerprint a more secure authentication measure because it can't be recorded by cameras.
> the right people can probably replicate them pretty well
They can be fooled reasonably well (well enough to fool an iphone) with pretty simple techniques. For details, search for a bunch of articles from 2002 referencing Tsutomu Matsumoto's work.
I meant it's a lot harder to record fingerprints... It's relatively easy for a camera from almost any angle to record touches on the phone (especially with many phone's animations that show the number touched)
Fortunately, my threat model does not include people cutting off my fingers. Take out the pliers and you can have my phone. My notes are private, but not that private.
That's the reality, for sure, but at least you're stripping away the air of respectability, law, and order. When you're whipping someone with a rubber hose, you've made a serious commitment.
" you're stripping away the air of respectability, law, and order."
Counterexample popped in my head was parents with a belt asking for iPhone unlocked. Still has respectability, law, and order in most places. I wonder if there are other counterexamples.