• I've always been skeptical of biometric security simply because it assumes secure endpoints, which is precisely the least logical assumption that a security system should make. With USB fingerprint devices becoming much more common, are you just going to trust that my USB reader isn't sending a digitized copy of somebody else's prints? Do I really want to send a digitized copy of my fingerprints across the wire to a website to sign in?

    Imagine the DBA scenario: "Hey, Bob. We've got 40k rows of orphaned fingerprint records in here. Those developers must've dropped the foreign keys again. What do we do with 'em?"

    I do think that biometric security makes for more interesting replay attacks. Along the same lines as high quality video spoofing that the Pentagon has been worrying about for years. Is it real? Or is it Memorex? Or completely fabricated? The cost of very believable, utterly fabricated video is going down, too.

    I have a tablet with a fingerprint reader on it @ home and unless I am very careful to go slowly (with any of my ten digits), it's about 2:3 correct scans or less. Cold or very dry fingers make it even harder.

    Which reminds me... We need to invent a new protected class (in advance)! The fingerprint-challenged. My wife is one of them. Every time she's fingerprinted for her concealed carry permit, digitally or with old-school ink, the police officer or fingerprint technician has a really hard time getting a clean print from any of her digits. Her hands are so dry and prints so thin that even an FBI-trained expert gave up once and signed a notarized letter stating that "the attached fingerprints" (such as they are) were the best effort they could muster and that she should be issued a permit anyway, even though the prints probably couldn't be scanned successfully into NICS.

    Because you know that it would be discriminatory to deny someone a job just because they don't have proper fingerprints, now wouldn't it? Heh.