One of the fascinating aspects of biometrics is liveness detection - the science of checking to make sure that the things using biometrics are alive and not masks or severed fingers.

Phones don't use a complete liveness detection model. https://www.theregister.com/2021/05/06/samsung_galaxy/

I wrote about it here in 2015! https://www.csmonitor.com/World/Passcode/2015/0113/Biometrics-researchers-race-to-stay-one-step-ahead-of-hackers

It's easy, for example, to make a finger out of household or hardware store equipment that will conduct electricity like a human and matches a fingerprint.

It's hard to make one that has human-type blood flow, pores and a pulse.

Pulse detection also works against deep fakes and masks in facial recognition with no additional equipment.

Your camera can detect a pulse.

Your computer sees your blood.

But prior to the deep fakes potentialities, there were some really clever ways to handle liveness detection in facial recognition.

You asked the person to blink.

Similar thing with preventing someone from using a cassette player to beat a voiceprint pre-AI concerns.

You could just have someone say a different thing each time.

If you're wondering, there is at least one recorded instance of a severed hand being used to steal a fingerprint locked car before liveness detection became more standard.

It was in 2005 in Malaysia.

Biometrics are less bad for most uses than people in cybersecurity make them out to be. They're also more bad than people outside of cybersecurity make them out to be.

I originally typed that as "moist uses," which also makes sense given the liveness detection context.