Hacker News
by saosebastiao 3466 days ago
You're demonstrating the difference between authentication and authorization, not the difference between identity and authentication. Notice you use the word authority, which has the same root word as authorization. Authentication is merely the confirmation of identity...it is not the same thing as authorization.
1 comments

In the case of a single-user phone, is there a difference? The phone's owner has authorization to do anything, including spend funds they've previously enrolled into the phone's wallet systems, etc., so it's kind of a moot point for the purposes of this incident.

You seem to be suggesting we add extra layers here so that merely authenticating as the device's owner is insufficient authorization to conduct some actions, and re-authenticating as the owner by using something they know (secret token like PIN/password) instead of something they possess (finger) will re-grant authorization, but users find this constant re-auth very annoying.

Most would probably prefer device makers to allow them to trust the people whom they sleep around rather than input another authentication method all the time. Personal responsibility has to enter into the equation somewhere.

My advice to this parent would be to keep their phone and/or body inaccessible while unconscious.