Replacing my passwords...
...With bio-metrics just means that the bad actors will need to learn how to spoof bio-metrics. How would this compare to enforcing the managed use of lengthy, randomized that are changed on a regular basis?
One huge benefit of using bio-metrics is that over time it limits the amount of data that needs to be processed in order to authenticate a user. Another is that no one (to my knowledge) has come up with a quick way to spoof bio-metrics...yet. However, our finger prints rarely change. The same is true for our faces. Once a bio-metric measurement has been cracked it should be considered insecure for the foreseeable future. In my opinion if passwords are long enough, random enough, changed often enough, and are securely hashed they will remain superior to bio-metric authentication, but perhaps inferior to using bio-metrics as 2FA with strong passwords.
Instead of trying to chase this Holy Grail I think Microsoft would be better off spending it's money learning how to apply the Shannon Limit to Dev Ops in order to reduce the number of bugs in released code to something close to zero. I think that Grail is more Holy than passwordless authentication..
Biting the hand that feeds IT
