[kjs3]

You can change a password, you can't change your face. Agreed that we have yet to see the mass-hack based on biometric data that generates the ohshit moment, but from a risk perspective 'it hasn't happened yet' is cold comfort.

[exe34]

> you can't change your face

if you get involved with the wrong/right sort of people, they might do it for you

[catlikesshrimp]

I would rather change my password. Easier, faster, less painful. And it doesn't affect how others perceive me.

[giantrobot]

The biometric data is not your password. It's used to unlock a session token. Getting that session token requires a "what you know" password. There's lots of events that invalidate that session token not the least of which on phones is multiple presses on the lock button (on iOS at least).

[domador]

Yet in many cases it is. I've come across various systems where there is no "what you know" password only a "what you look like" password.

[kjs3]

Yup. I guess if you don't do much of this "it's not a password" sounds like "there's no risk".