SQLServerCentral Editorial

Breaking Biometrics


In the movies, when someone needs to bypass some sort of fingerprint biometric system, they use tape to lift a fingerprint, or in the more gory films, cut off a body part. In any case, there have been a lot of attempts to replicate this in the real world. Sometimes these work, though the consensus is modern hardware isn't as susceptible as older hardware. I don't know if that's true, but I did see an interesting look at the main three sensors used in most laptops.

All the laptops had their authentication bypassed, though not with any fake biometric device, but rather by attacking the actual communication between the sensor and the OS. There's a great report from two researchers who were asked by Microsoft to evaluate the security of the top three sensors. It's a fascinating look at how the hardware and the software of the OS are set up to provide secure authentication, and how both can be fooled.

Some of the problems are users not enabling features, and some are manufacturers not understanding or not implementing the secure protocols from Microsoft. I understand how this happens, and I also feel it's not acceptable. Certainly someone might read a spec and not completely understand it, even across a team of people. However, vendors can't ship something like this without having researchers, pen testers, or some other security professional examine it. Hardware vendors spending money designing these devices ought to include the money for a few people to try to break the security before they are sold.

At least for security features.

I like the enhancements made with multi-factor authentication, and I appreciate biometrics as a convenient way to access things. At the same time, I want to be able to trust them. The effort required from the researchers was considerable, not something that someone in a coffee shop can do in 5 minutes while you go to the bathroom. At least, apart from the Surface. It appears that one can be broken quickly.

At the same time, if you lose your laptop, within hours someone can break past the biometrics with a man-in-the-middle attack. Even if you've encrypted the disk, your data can be accessed since this attack gets the OS to authenticate them.

Security is tricky, but I don't plan on disabling my fingerprint scanner. However, if I were carrying around data that was more important than the work I do now, or data worth a lot of money, I don't know that I'd ever enable biometrics.
