“Touch ID and Face ID: Real biometrics or not?” https://www.biometricupdate.com/202107/touch-id-and-face-id-real-biometrics-or-not
Reading reports like the above, probably not a few people would react quickly and critically, mentioning the absence of cancellability of our body features and the privacy concerns it causes.
Few people, however, speak about the fact that the overall security is brought down to the level lower than that of a default password/PIN where the biometrics is used with a default password/PIN in a ‘two-entrance’ deployment (as against ‘two-layer’ deployment).
This security-lowering effect is the inevitable consequence of biometrics being probabilistic, as against deterministic; body features of living animals are unpredictably variable in ever changing environment.
Here is the reality that so many security experts opt to not speak — a two-layer deployment of two authenticators decreases the attack surface, whereas a two-entrance deployment increases the attack surface, thus providing a better convenience to bad guys as closely examined here — https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/
For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)
< Videos on YouTube>