Totally agree, you can't rely solely on one single method because of limitations and the potential for it to be broken (passwords being cracked, fingerprints being copied and reproduced). I think you've raised one of the major issues though: sole reliance on one method for security. If you work somewhere where information security is critical, relying solely on user generated passwords becomes an issue in my opinion, as humans are the weakest point in the chain: we choose easier-to-recall passwords, or reuse them with minor changes in a pattern (password1, password2 etc). As a thought, what's everyones opinion on logging on to your terminal and program's with a mandated lengthy password, a swipe access card (ie the one used to get into the building) and a fingerprint scanner. The hardware is relatively cheap, and adds at least a couple layers to being manipulated by any would-be attacker.