Every time biometrics is on HN I end up losing karma cause people disagree with me.<p>I did my PhD on biometrics and while I've transitioned to a different field since graduation, I'd like to think I have some insight into the field (which I still try to follow through journals like IEEE TIFS or conference proceedings from ICB/IJCB). Fundamentally, a biometric is both a _username_ and a _password_ at the same time. It identifies who is logging in (username) while authenticating them (password). There is some literature to address the elephant in the room about 'changing the password' where the key created and stored from the biometric can be changed. But again, fundamentally, the goal should be about how to treat the data like a username/password pair that's just as sensitive as something like an SSN. For law enforcement, I completely agree that it's useful, but for digital access I have yet to see proof that system architects are acknowledging that relationship when thinking about cybersecurity and any ramifications of a breach.<p>edit: LOL this just hit my RSS feed from HN -- <a href="https://news.ycombinator.com/item?id=28314993" rel="nofollow">https://news.ycombinator.com/item?id=28314993</a>