Biometrics can only be used as an identifier like a username, or IRL a name. NIST IAL2 was mentioned in the article, Without anything else, just having a biometric match is really only IAL0 - no confidence the identity is authentic. Even IAL1 (some confidence the identity is authentic) is a stretch and IAL2 (high confidence the identity is authentic) is way beyond what a biometric can do.
To raise the level of confidence in the identity, authentication is required. Stronger authentication achieves higher confidence in the identity. A biometric as an authenticator of an identity is weak. A biometric can be added to other authenticators for multifactor authentication to improve authentication.
In security circles this process is called I&A (idebtification and authentication). First an identity is presented like a name, SSN, a biometric, a username, or account number. If no further steps are taken, then you have achieved IAL0 - no confidence. If some level of authentication is performed such as presentation of a pin, or a password, or a secret handshake, or a key..., then IAL1 is achieved - some confidence. To go to IAL2, some strong authentication is required, either a proven strong single authentication factor like a hardware token or multifactor like a password and a token or a pin and an SMS delivered one-time code.
So many get this wrong.