Should an authentication system be expected to reliably determine the motive of the user in addition to their identity? Various anti-fraud systems address this to varying extents, but a bank manager sitting at their laptop, typing in their password and TOTP with a gun to their head isn’t materially different to them providing biometric authentication with a gun to their head.
Identity != authentication. The bank manager is, from the identification POV, still the bank manager. The bank manager may not be intending to authenticate, though.
How is this any different of a scenario than having the bank manager memorize a password? They can still force the bank manager to give up the password by threatening to blow their brains out.
> How is this any different of a scenario than having the bank manager memorize a password?
Because in the other scenario the bank manager can be killed and the murderer can still use the "key" (the bank manager's lifeless face). Dead or alive the bank manager is still that same person.
With a password there's more security for the bank manager. If the robber kills the manager then the robber can't get in.
A second password could delay opening the vault (with a pretty animation), alert cops/security, and even lock the front door from the inside. The bank manager is unlikely to have a second face for doing the same.
Biometric auth needs an "under duress" mechanism to be at all comparable.
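
The duress-password idea from the comments above, sketched as an added example that is not part of the original thread. The `VaultAuth` class, the in-memory `alarm_log` standing in for a silent alert channel, and the 600-second delay are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _kdf(secret: str, salt: bytes) -> bytes:
    # Store a slow salted hash, never the raw password.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class VaultAuth:
    """Hypothetical vault login with a normal and a duress password."""

    DURESS_DELAY_S = 600  # assumed policy value, not from the thread

    def __init__(self, normal: str, duress: str):
        if normal == duress:
            raise ValueError("duress password must differ from the normal one")
        self.salt = os.urandom(16)
        self._normal = _kdf(normal, self.salt)
        self._duress = _kdf(duress, self.salt)
        self.alarm_log = []       # stands in for a silent alert channel
        self.pending_delay_s = 0  # internal delay before the door opens

    def login(self, user: str, attempt: str) -> dict:
        candidate = _kdf(attempt, self.salt)
        # Run both constant-time comparisons on every attempt so that
        # response timing does not reveal which password was entered.
        is_normal = hmac.compare_digest(candidate, self._normal)
        is_duress = hmac.compare_digest(candidate, self._duress)
        if is_duress:
            # Silent: recorded internally, nothing shown at the terminal.
            self.alarm_log.append(user)
        self.pending_delay_s = self.DURESS_DELAY_S if is_duress else 0
        granted = is_normal or is_duress
        # The visible response is identical for normal and duress logins.
        return {
            "granted": granted,
            "message": "Opening vault..." if granted else "Access denied",
        }
```

The property that matters is that an observer at the terminal sees the same response for either password; only the internal state (alert and delay) differs.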