TouchID moved the ball forward quite a bit, and FaceID will probably go even further.
Obviously neither provide ultimate security, but Apple is in a strategic advantage since they make the hardware and software to make the barn walls and roof super secure, but it does nothing if the front door is left open.
With TouchID, I have a complex passcode that I have to enter a couple times a week. It's less secure than some hypothetical setup where I have a complex passcode I have to enter every time I unlock the phone, but it's far more secure than what I was actually doing before.
I think that strikes a nice security median. If someone does get procession of my phone, I only need to stall for less than 24 hours.
The rest of the time, the fingerprint scanner works near perfectly. It's actually faster to use the fingerprint scanner than the standard slide to unlock, which is all I ever had setup on my previous phones.
Can I configure my iphone to require TouchID, FaceID, and a PIN for each unlock of my phone every time?
They are though, if bad == insecure. Customs can make you unlock with fingerprint or face. If you can't lock yourself out, it's not secure.
Because they fall in the category of "will be used" as opposed to perfect security, which almost always falls in the category "won't be used"
(a) the world was only US citizens.
(b) nothing unconstitutional ever happened to the first group.
Allow me to repeat myself,
If you can't lock yourself out, it's not secure.
For example, some banks have time locks. Nobody gets into the vault, unless it is in a certain window of time.
It's not secure if you can lock yourself out either.
A court could hold you in contempt for failing to unlock or intently locking.
And a state actor or even mugger could just hurt you or even kill you, in frustration if you don't open it for them.