[blamestross]

And transmit it! Biometrics are useless for remote 2fa. They only even make a little sense when used for immediate local hardware interaction. From a remote perspective you can't authenticate biometrics versus a replay attack. Hardware does it by literally being hardware and thus has high confidence it is talking to the real sensor and you will note all the phones require harder authentication on boot before enabling biometric authentication.