This has probably been pondered, but something occurred to me whilst entering my new home.. The guard house grants access based on your fingerprint. The system works pretty sweetly..
Now.. because i have about a zillion accounts, i kinda group my passwords.. since i know services admins on most irc networks read your password, i use XXX for low level access (this might include try once trial software logins).
Slightly more reliable software logins (vmware page / ms partner page) i will use YYY.. i think most people do this..
What's interesting is that biometric readers deny us this luxury.. So, while my complex thinks it's cute.. they take my reading and store it on their win95 machine (clearly i exaggerate) but if Internet Banking ever goes biometric (which it often threatens to do) i've just given away my login.. Can you tell someone "no.. i don't want to auth using biometrics, cause it's the only finger i got!" i think maybe we should..
/mh








Second, as mentioned by RT, you can have multiple points of reference in a biometric, meaning that one finger can provide several biometrics depending on how the device is configured. For example a retina can give you up to 256 different 'prints', giving you a good 512 passwords from just your two eyes.
I was worried about this too, and had an internal discussion which I posted the relevant results from here: http://singe.za.net/blog/archives/769-Biometric-Reading.html
it doesn't matter so much that your system is configured to read 1/256 possible prints of my retina, since the retina scan used by bob's fish and chip shop is capable of taking the same print exactly?
It would be ok, if i could control which of the 256 images your system took, since i could use 3/256 for some systems, and 200/256 for internet banking.. but since i can't control it, i effectively give it away to anyone and everyone..
ps.. it's good to be blogging in the open too :>