First, it's important to realize that biometric identifiers are not constitutionally protected in the United States under the fifth amendment given current legal precedents:<p>"A Virginia Circuit Court judge ruled Tuesday that police officers cannot force criminal suspects to divulge cellphone passwords, but they can force them to unlock the phone with a fingerprint scanner."<p>Source: <a href="http://blogs.wsj.com/digits/2014/10/31/judge-rules-suspect-can-be-required-to-unlock-phone-with-fingerprint/" rel="nofollow">http://blogs.wsj.com/digits/2014/10/31/judge-rules-suspect-c...</a><p>Second, as others have already noted, you cannot hide or change most biometric identifiers and some people may not even have them at all. Therefore, passwords will always be the safest, most accessible option. However, more education regarding their creation, use, and support needs to occur:<p>Password Strength:
<a href="https://xkcd.com/936/" rel="nofollow">https://xkcd.com/936/</a><p>Password Reuse:
<a href="https://xkcd.com/792/" rel="nofollow">https://xkcd.com/792/</a><p>NIST’s new password rules – what you need to know:
<a href="https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/" rel="nofollow">https://nakedsecurity.sophos.com/2016/08/18/nists-new-passwo...</a><p>Personally, I like to choose a small token representing the site or service at hand, then surround it with multiple pass phrases I've memorized over the years. This creates a strong password which is both unique and easy to remember. Not to mention when a site I use is inevitably hacked and my hash is stolen, I only need to update a single instance of this pattern--not reevaluate my entire system.