[stlark]

I'd also add that facial recognition is also becoming more common as a way to authenticate into systems. This might be a naive analogy, but, this feels like thousands of people providing a company with their name and their phone's lock screen combination.

[judge2020]

> providing a company with their name and their phone's lock screen combination

In consumer devices the face data is stored only on-device, so any privacy concerns are defended by "it's not sending your face to the cloud" and/or "don't use it if you don't trust it"

[asdff]

But if they have your face from another source and it's good enough to authenticate, that doesn't matter. Your face is a good strong password, but what good is that if it leaks? You can't reset your face like a password, after all.

At least with fingerprints you have 9 extra passwords you can use if your index finger print leaks (I bet my prints are already out there just from getting pre employment background checks from workplaces with hulking old school IT bureaucracies and a workforce pounded daily by phishing attempts).