While I completely agree with you that the end of the password age has arrived, I disagree that biometrics is the solution; at least not on a broad level.<p>The problem with biometrics isn't a matter of its ability to authenticate an individual; they make great credentials. Rather, the problem is that once that uniquely personal data is leaked or hacked (in security, we must always plan for future malicious attacks/vulnerabilities), you can't simply replace or revoke those credentials. e.g. Say a cloud service holds a copy of one of your fingerprints. If that data gets leaked, you can't simply remove or replace your fingerprint. What happens when you've lost all 10 of your fingerprints to hackers?<p>In reality, biometry is so powerful that we must be responsible in how we employ this most intimate form of identification. Using biometry within truly closed systems (think iPhone 5s TouchID) is the only responsible way to utilize biometry, as the data is encrypted and stored locally in a partitioned drive, and made unavailable to everything else. Of course, this architecture generally limits usage to the device it's on.<p>My last point is that you don't need biometry for true multi-factor authentication (MFA), which is what everyone should be striving for. Biometric factors are also known as inherence factors (something you inherently are), which means you can replace biometric factors with inherence factors like geofencing (your location on this planet is something inherent only to you).<p>You should look into services like LaunchKey (<a href="https://launchkey.com" rel="nofollow">https://launchkey.com</a>) or view the FIDO Alliance (<a href="https://fidoalliance.org" rel="nofollow">https://fidoalliance.org</a>) to see what the next generation of authentication looks like.