Bio metrics is local to device
So most people on here will use a password manager to remember long and complex passwords? So have one master password for the manager.
The FIDO tech essentially the same thing - something to unlock the local password database (happens to be held in a TPM chip on a PC/[phone/key), rather than an encrypted database) - this is either a PIN (so device stolen, PIN socially engineered - hacker in) or bio-metric (can be hacked, just a bit harder?).
Once the database is "open" the secure password is used - password-less just replaces pasting the password into a text box with a much better public/private key exchange.
The actual pain point is that only works for a limited number of systems - so you still need "real" passwords for "legacy" systems.
Biting the hand that feeds IT
