Biometrics aren't secrets. It seems like "a good quality infrared image of the target's face" is hard to get right now only because the tech isn't ubiquitous yet. Wait until every website the user logs into has a copy. https://arstechnica.com/information-technology/2021/07/hackers-got-past-windows-hello-by-tricking-a-webcam/
It's strange that we are solving the problem that people use the same passwords everywhere, by replacing passwords with unrevokable biometrics, that *have* to be the same everywhere to work.
@kyle yeah, it does indeed seems like an unwise move at its core. A “something you have” that is used exactly the same way everywhere is no better than just leaving everything as a default ‘Welcome123!’ as far as I’m concerned. Convenient and secure are rarely friends, but I do believe there are ways (and I’ve implemented a few) where inconvenience is minimized while security is maximized.
