Quote, Originally Posted by iMOTOR
I would say magstripe is by far the worst.
Biometric is one of the three factors of authentication - something you have, something you know, and something you are.
Biometric is something you are. Once it's compromised, it's compromised for life. The false positive rate is also too high to be considered truly secure as a single-factor authentication method.
Magstripe is something you have. It can be immediately revoked and replaced if compromised.
No single-factor authentication method is as secure as two- or three-factor, though.
Quote, Originally Posted by turtle777
In reality, thousands of simple passwords that my hamster can crack in 1 millisecond make passwords ON AVERAGE far worse than any biometric-based authentication.
The problem is, modern password systems don't really allow for brute force attempts, because after a limited number of attempts, the account is locked.
With consideration for the three factors of authentication, passwords are still the most secure single-factor method, taking into account how each factor can be compromised or bypassed.
Something you are is tied to your physical being (e.g. a fingerprint, retina scan, etc.). Once compromised, it is unusable for as long as you are alive. If all ten fingerprints are compromised, you can no longer rely on fingerprint authentication as a single factor.
Something you have is generally an object - an RSA token, a smart card, a cell phone with a one-time use code sent to it - and that object can easily be lost or stolen. However, that object can be immediately revoked and replaced if it is compromised. That being the case, it's inherently more secure (although not secure compared to two-factor methods) than biometric.
Something you know is a password or PIN. It is compromised through phishing, social engineering, service-side exploits (hacking to retrieve password hashes and attempting to reverse those hashes to obtain usable passwords), keyloggers, etc. If compromised, like an object, a password can be immediately revoked and reset.
Biometric is not a reliable single-factor method of authentication. Incidentally, the way the iPhone 5S uses it is admittedly slightly better, since rebooting or too many invalid biometric attempts will force the user to input the backup password or PIN.