by tom-lord
3973 days ago
> Fingerprints are usernames, not passwords, even if some people use them as passwords.

This doesn't make sense. You cannot "use a username as a password". Fingerprints, retina scans, DNA samples, etc. are biometric passwords. They are unique identifiers to your identification, and cannot be changed for obvious reasons.

The entire concept of "biometric passwords" is flawed, because as you see, they "cannot be changed for obvious reasons". One of the most important things about passwords (and passphrases!) is that they may be changed at any time. Every time there is an unauthorized data dump, we get lists of thousands of passwords or hashes thereof. Therefore, anyone who protects important assets with passwords should change them regularly. Anyone whose biometric data is stored in a database will eventually have that dumped as well.
The day is quickly approaching when none of these biometric measures will be private anyway. With that in mind, they could perhaps be used as public identifiers, "usernames" if you will. In that sense they might be similar to the SSN, another datum that is clearly unsuitable as a password, even though hundreds of stupid organizations have used it as such.