by bodz
3205 days ago
> I don't think the average person in their audience has a strong reason to understand the difference.

In my experience as a security consultant, one of the biggest problems (and it's a very big problem) we face is that average users lack training and awareness of good security principles. It's really bad to rely solely on system designers for your security. Even if your system designer is 100% effective, it just takes one unaware user to do something bad, such as give their password over to a phishing call, and you're screwed. And if for nothing else, training and awareness are necessary because without them, you get users kicking and screaming when they don't understand why you've implemented certain security features, which typically means you end up implementing less security to avoid the kicking and screaming. And just like in your average security training and awareness session you'll have a lesson on "don't give your password to someone on the phone, even if they claim to be your IT guy", we also have lessons on "fingerprints are not passwords, and you should not use them as such", but this is hard to get through people's heads when Apple's marketing material says otherwise (as shown in my previous comment).