Slashdot Asks: Should Businesses Switch To Biometric Passwords?

This question was inspired by a recent article in Harvard Business Review: It's become abundantly clear that passwords are an untenable way to secure our data online. And asking your customers to keep track of complicated log-in information is a terrible user experience... The threat to security when relying on passwords is one reason businesses are increasingly migrating to biometric systems. Identity verification through biometrics can ensure greater security for personal information, while also providing customers with a more seamless experience in the digital environment of smartphones, tablets, sensors, and other devices... the idea is to verify someone's identity with a high degree of assurance by tying it to multiple mechanisms at once, known as biometric modalities [which] when used in concert, can provide a significantly safer environment for the customer, and are much easier to use... [I]f an app simultaneously requires a thumbprint, a retina scan, and a vocal recognition signature, it would be close to impossible for a bad actor to replicate that in the seconds needed to open the app.
This got me curious -- are Slashdot's readers already seeing biometric verification systems in their own lives? Share your experiences in the comments, as well as your informed opinion. Do you think businesses should be switching to biometric passwords?

Frost betterave tosp!

[Hognoxious]

No.

No! Of course not!

[Casandro]

Biometry is not suitable for authentication. Essentially using biometry is like using a password you cannot change, but constantly tell anybody around you.

It's trivial to keep your passwords secure, it's much harder to keep your fingerprint or iris pattern secure. Both can even be read out remotely.

Re:I'm not sure I like the idea...

[Samantha+Wright]

More generally, if the information gets stolen, you can never change it. Locks, passwords, and challenge-response seeds can all be replaced. No other authentication method has this glaring weakness. The burden of manual authentication is here to stay, I think, until we get password manager brain implants.

Biometrics are NOT passwords

[Anonymous+Brave+Guy]

Biometrics aren't passwords, they are user IDs.

Treating them as passwords is a popular idea but will inevitably lead to disaster. Who would choose a password they could never change and then give that same password to countless other parties? Even if we did that, what would be the equivalent to good practices like storing password hashes instead of the originals in case of compromise?