One thing I was always worried about when we talked about biometry: What do you do if the database which stores your credentials gets compromised? Well, it happened: Stolen OPM Fingerprints: What’s the Risk?
I am not aware of any successful and active attack so far as I guess nobody tried to replay the fingerprint but what do we do if this happens? You can hardly revoke your fingerâ€¦. I know, it has to come from a trusted source as the machine asking for authentication has to be know but hey, there are a lot of ways to forge that as well. And then? Well, then we have a problem and most probably go for another authentication methodâ€¦
Or do I misunderstand something?