Thursday, 31 July 2014


There was a bit of a discussion a few weeks back about the use of biometric data for security purposes.

In particular, a Facebook engineer, Gregg Stefancik, was quoted as saying that he "hates biometrics" because, once such data is compromised, it can't be amended. He means that a person's fingerprints, retina or voice pattern can't be changed, whereas other forms of authentication like a password can be reissued.

However, the "Biometrics Institute" (not quite sure what this is or who is behind it) apparently think that this overstates the case. They say "that biometrics offers far greater security than passwords and can’t be stolen because they are physical features of a person."

Well, perhaps biometric data can't be stolen from a person, but what about at the other end? Surely the data has to be on file at the bank or wherever, so that when the individual logs in, it knows what to look for? And of course, we all know that any organisation that stores data about you is quite capable of being hacked (for example, eBay). EDIT - and cloud storage also seems vulnerable.

The essence of the Institute's argument appears to be that you don't use biometrics alone. Err, what's that? So you do have to have a password or PIN as well? Kinda defeats the purpose, I would have thought.....

Perhaps I'm missing something here, but at this stage, I remain to be convinced about the utility of biometric data!
