This scheme is many things, but it is not security.
Even ignoring all the privacy issues in mandating biometrics, biometrics can be fairly easily stolen IRL - heck, DHS lost data on 100,000 people over a couple months.
Second,
"Equally important, the credential can be stored online so that it’s available when I replace or lose my current phone,"
And, entirely invalidating the process. If it's stored online in a usable format, then it will be stolen. Not "can be", "will be". Who knows when, but it WILL happen. Those credentials need to be hashed (at a minimum), or they will get stolen and will be used for compromising accounts (or likely identity theft since it's biometrics).
Plus,
"Bob Lord was the chief security officer for the Democratic National Committee and chief information security officer at Yahoo."
Trusting someone who was in charge of DNC security is stupid, trusting someone who was in charge of Yahoo security is idiotic, trusting someone who was both is just flat-out malicious.