Security
The goal is to make computers as easy as possible to use for legitimate users, but as difficult as possible to use for illegitimate users.
Those two extremes are difficult to achieve together.
Security is based on what you are, what you know, and what you have. Facial-feature recognition is an example of the "what you are" factor. Two-factor authentication is also important, since adding other mechanisms makes things more secure.
Kerckhoffs's principles are still important.
>>In 1883 Auguste Kerckhoffs [2] wrote two journal articles on La Cryptographie Militaire,[3] in which he stated six design principles for military ciphers. Translated from French, they are:[4]
1. The system must be practically, if not mathematically, indecipherable;
2. It should not require secrecy, and it should not be a problem if it falls into enemy hands;
3. It must be possible to communicate and remember the key without using written notes, and correspondents must be able to change or modify it at will;
4. It must be applicable to telegraph communications;
5. It must be portable, and should not require several persons to handle or operate;
6. Lastly, given the circumstances in which it is to be used, the system must be easy to use and should not be stressful to use or require its users to know and comply with a long list of rules.
Some are no longer relevant given the ability of computers to perform complex encryption, but his second axiom, now known as Kerckhoffs's principle, is still critically important.<<
https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
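To make the second principle concrete, the following added example (not part of the original notes or the quoted article) compares a keyless integrity tag that only works while its recipe stays hidden with HMAC-SHA256, where the algorithm is public and the key is the only secret. The function names, the toy "obscure" recipe and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


def obscure_tag(msg: bytes) -> bytes:
    """Keyless tag (constructed toy): protects only while the recipe is secret."""
    return hashlib.sha256(msg[::-1]).digest()


def verify_obscure(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(obscure_tag(msg), tag)


def keyed_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256: the algorithm is public, the key is the only secret."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_keyed(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(key, msg), tag)


def demo() -> dict:
    msg = b"pay 10 to alice"         # constructed sample message
    altered = b"pay 99 to mallory"   # constructed tampered message
    key = secrets.token_bytes(32)    # held only by the correspondents

    # Someone who has read this whole file ("the system fell into enemy
    # hands") but holds no key:
    forged_obscure = obscure_tag(altered)                      # recipe is all it takes
    forged_keyed = keyed_tag(secrets.token_bytes(32), altered)  # must guess the key

    # Principle 3: the key can be changed at will; the algorithm stays as it is.
    genuine = keyed_tag(key, msg)
    new_key = secrets.token_bytes(32)

    return {
        "obscure_forgery_accepted": verify_obscure(altered, forged_obscure),
        "keyed_forgery_accepted": verify_keyed(key, altered, forged_keyed),
        "genuine_accepted": verify_keyed(key, msg, genuine),
        "old_tag_valid_after_rotation": verify_keyed(new_key, msg, genuine),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Recovering from a leak in the keyless scheme means redesigning and redeploying the algorithm; in the keyed scheme it means replacing 32 bytes.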