Biometrics are poised to become a widely accepted way to secure devices and applications, and in many cases to replace "traditional" authentication methods such as passwords and tokens. The Washington Post discussed this "biometric revolution" and asked whether we are really ready for the paradigm shift it will bring.
As we collectively adopt this new technology, it is crucial to remember how it differs from what we are accustomed to in terms of it not being "something we know" (like a password or PIN) or "something we have" (such as a token, smart card, QR code...). Biometrics by their nature are something we "are", which makes them perfect for authenticating the user's identity, but challenging to manage and maintain as both a provider and as a user. As a user, I can't "reset" my fingerprint (without some serious effort), and once it's compromised, that's it. New technologies will be needed to handle the issues biometric authentication introduces, and perhaps as importantly, new discussions on how it should be used will be needed. This includes a critical discussion related to privacy and identity, once users start authenticating with something they "are".