Two caveats
(1) The two-factor authentication could be reliable only when it comes with a reliable password.
2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.
(2) Biometrics, whether static or behavioral or electromagnetic, cannot be claimed to be an alternative to passwords UNTIL it stops relying on a password for self-rescue against the false rejection altogether while retaining the near-zero false acceptance in the real outdoor environment. A dog which depends on a man cannot be an alternative to the man.
I wonder how many people are aware that biometrics operated with a password in the OR/disjunction way (as in the case of iPhone) offers a lower security than when only the password is used. Biometrics industries should let this fact be known to the public lest consumers should be misguided,