[petejansson]

A serious problem with biometrics is credential revocation. The best answer I've seen to this is using the biometric to locally unlock some other credential like a certificate that can be revoked. There are other problems that are flashier, like spoofing and liveness, but revocation is a real show-stopper that is frequently ignored.

[nickik]

The new FIDO UAF standard solves exactly this problem, all biometrics are only unlocking a local identifier preferable on Secure Element or in a Trust Zone.