by cgmorton 5076 days ago
So all the clever people have concluded that this system is useless, because you can pull a gun on someone and force them to play the game. Not to mention: it's not even that much entropy! So let's all just forget about it and move on with our lives, right?

No. Of course not. What this system provides is a unique -extra- method of authentication. I really doubt this is meant for putting this on your laptop in place of a password scheme. But you might use something like it as part of multi-factor authentication, e.g. into a secure facility. Remember all those movies where somebody's eyeballs are removed/replaced/copied in order to fool a retina scanner? I can't comment on how plausible that is, but I can certainly tell that if it were this system, they could not have broken it, period. I think that's pretty useful, don't you?

1 comments

The authors are claiming that it helps against duress but the system as described only does so in the most limited theoretical scenario where the attacker and defender both have significant, contrived restrictions. There's a reason why you remember those retina scanner tricks from movies: in the real world, security is about protocols and those tricks would fail in any realistic scenario short of, say, aliens with body-sculpting nanobots.

As a trivial example: this system assumes a single attempt in a guarded facility. What benefit does this offer over a duress password which our poor hostage provides knowing that it will trigger a full security response and locking out of their access? For that matter, why not have the same guard who looks for tricks check your face against the employee database?