by realo 4118 days ago
Convenient, for sure.

However, I always have the choice of not giving up my passwords, under (even painful) threat. Also, someone cannot get my passwords if I am dead. Ever.

Unfortunately, with biometrics, it is quite easy to force me to put my face/finger/iris in front of the machine and unlock it. Even if I am (freshly) dead.

Not that cool, really.

4 comments

Real talk: I feel like the demographic of people who read and comment on HN is primarily people for whom "painful threat" is purely theoretical. Downstream folks are talking about preventing information leak if the adversary is literally willing to kill you via torture.

In the real world, torture is a fairly effective way to make somebody divulge information, especially in the case where it can be readily checked (by trying the password they divulge). It's a fairly well proven fact that living beings will do pretty much anything to make the pain stop. For recent reference, this HN article, where he repeatedly complied with demands, even including lying about being tortured, in the hope that it would make the torture stop:

https://news.ycombinator.com/item?id=9213753

Not gonna lie, under threat of severe physical damage or death, I'd give away everything I know. Granted, I don't have access to nuclear weapons or anything, but I wouldn't care who gets effed up as long as I'm intact...

Torture is one thing, a government warrant something else.

Wow - I guess any apps I build have to satisfy the "If I'm tortured" use case.

Something you have. Something you are. Something you know.

You actually really need the three of them. The last one prevents the <Torture to death> scenario.

The last one really just prevents the (immediate) death scenario. The something you know could presumably be why they're torturing you in the first place, caveats about the effectiveness of torture notwithstanding.

Movies like to exploit this fear (e.g., Demolition Man when Wesley Snipes takes out the eye of a doctor to escape the prison), and it's understandable. It really comes down to when a biometric is a good fit for a system. For the average person with a laptop MS is doing a great thing. And just like any new piece of tech, there is a responsibility of the user to understand the implications and restrictions that come with it. From the video I can't see any indication that MS could prevent forced login (dead or alive), thus using this may require that you separately encrypt your data.

>Also, someone cannot get my passwords if I am dead. Ever

99.9999% of the time this comes up in real life, it's an inconvenience.