[sly010]

I honestly think biometric is just eye-candy. The real interesting thing here is MS Passport.

Passwords are only broken because for most intended purposes they act as a symmetric key that you happen to leave around everywhere and when it leaks, you have a problem.

If we had a web standard for asymmetric key authentication, you just unlock your device and your device authenticates you. A leaked public key (created for a single service) is useless.

And once you only need to unlock ONE device, you might as well remember that single password, because at that point it is way more secure than a fingerprint.

Of course devices break and get stolen, so you need to back up your keychain, and I bet that is exactly what MS Passport does for you, which is why it will never be adapted by other vendors.