[jrm4]

Good point, you're right. And with e.g. federal agencies, this fine.

But given the relatively high level of laziness, capriciousness, and general failure all around that is "IT security by means of companies who are rarely held accountable," it's good to point out that this is what makes biometrics worse than usernames and should probably mostly be avoided, or at least optional.

[bb88]

Your points are taken, but I do believe that the "something you are" is better than the "something you know" and "something you have" pieces -- as the knowledge or the thing you have can be stolen.

Sure fingerprints, face scans, and iris scans can be stolen as well. But certain things are really hard to fake, including potentially, scans of faces and an iris scan at the same time -- unless you can somehow graft a new iris and grow a new face.

Put it like this: a dead victim is found naked along the side of the road. Which leg(s) of the security triad can the police use to prove the identity of the victim?

[jrm4]

If convenience plus precision are your only goals, sure. But this requires probably too much trust in the systems. I'm fine with the FBI having that power and information.

Google, who I don't pay and doesn't owe me much, not so much.