I will say that it's become increasingly difficult to fake a biometric, as the technology for sensors has improved. Therefore, as we move away from a thumbprint to a face print to—we're looking now at vein pattern recognition on some new phone systems.... We've had palm print technologies for a long time. It is always perhaps possible to spoof those. Any problem can be solved with enough money and technology. They can be spoofed, but they can't perhaps be overtaken, unless you don't register them yourself.
If you have your phone and don't ever register anything except a four-digit PIN and then somebody comes along and puts their thumbprint in, it's in there. That's on you, not them. The ability to actively impersonate somebody with a biometric, unless it hasn't been registered to you in the first place, is getting to the level of practical impossibility. Fifteen years ago, I could fake a fingerprint and replay it fairly easily. I can't do that anymore.