I hear ya, but this is not falsifiable data. Yeah, a scammer gets ahold of the digital hash that represents my Blood ID (or whatever) from a poorly secured database, but I'm the only one that has the ACTUAL BLOOD. So I can always confirm my identity with absolute certainty in case of theft or impersonation... a thief is only going to have the computer hash, not my actual blood. (Or retinal scan, or whatever bio data is being used to establish my identity.) Of course, some people donate blood or sperm or organs or whatever, and there could be an issue with security there. But that's not a concern for 99% of the population, while shitty passwords are literally a problem for everyone in the world.
You can compare a data point to another datapoint, you mean. Android fingerprint readers don't hash your fingerprint. they upload your fucking fingerprint to Amazon. So when a fraudster uses your fingerprint, and you say "nope, that's not my fingerprint, this is my fingerprint", the banks go "same fingerprint d00d." So now your fingerprint is FOREVER out there and you can't use it to validate ever again because it's a stolen credit card number. So maybe someone grabs Goobster's fingerprint data and the first thing he does is go "huh I'll bet I can use this to score some identities." He goes around with a forged birth certificate and heads to the DMV and says "I need a driver's license, oh by the way my fingerprints were stolen." So now they WON'T USE HIS FINGERPRINT to verify his identity, they'll fall back on their ancient bullshit. Meanwhile, all the speed he's encountering in using your identity to steal your life is slowing you up because while neither one of you can be trusted? He's used to this. You know what's cool about credentials? They can be revoked. You know what sucks about biometrics? They can't. Mistakes are made, accidental and deliberate, and expecting a company that shows absolutely no interest in protecting your revocable credentials to treat you irrevocable credentials any differently is naive in the extreme. Meanwhile you've just created a situation where in order to rent a car I now need to get Theranos involved or some shit which, frankly, no thanks. Nexus passes between the US and Canada have iris scans for Canadians. They don't for Americans, in no small part because customs and border protection in the US didn't want to be responsible for a bunch of indelible biometric data. They know "information wants to be free." I'm sure they'll change their mind eventually - Dipshits have been pushing for this since before Sony rootkitted their compact discs. But that doesn't make it a good idea. Shitty passwords are a design choice. They are the outcome of a bad system imposing unrealistic demands on its users. The solution is not to make the users try harder, it's to make the system better. If you need more security than I can provide easily, you can fuck right off. There's nothing you're doing for me that can't be done with less. Prove me wrong.