First of all because they cannot be revoked. Unless you count cutting tools and torches. Just as well as they can be easily used without the user's consent (e.g. sleeping) without them being aware of it. Note: this does not require stealing anything as in the passphrase case.
Additional problems are the high false positive rate.
They just identify the user, not an action of authentication/authorization; i.e. a mental action like remembering a password and actively approving something.
See it this way: Your bank card identifies you, you pin number authorizes the payment. These are distinct differences. If you ignore authorization you get nfc payments which are very convenient but far less secure and easier to manipulate. Note: your pin can be revoked, your fingerprint can't.
First of all because they cannot be revoked. Unless you count cutting tools and torches. Just as well as they can be easily used without the user's consent (e.g. sleeping) without them being aware of it. Note: this does not require stealing anything as in the passphrase case.
Additional problems are the high false positive rate.
They just identify the user, not an action of authentication/authorization; i.e. a mental action like remembering a password and actively approving something.
See it this way: Your bank card identifies you, you pin number authorizes the payment. These are distinct differences. If you ignore authorization you get nfc payments which are very convenient but far less secure and easier to manipulate. Note: your pin can be revoked, your fingerprint can't.