I've always been of the opinion that biometrics are much more closely related to a username rather than a password. There will always be ways to either fake or compel biometric scans, and having a second layer of proof required to authenticate and authorize seems like the only responsible thing to do.
