- cross-posted to:
- linux@programming.dev
The problem with biometrics is, when you somehow lose your exclusive access to it, you can’t change them.
This is especially a problem in jurisdictions where you can’t be forced to tell a password, but where your fingers and face are fair game.
Fingerprint sensors have been an interesting hurdle for Linux distros. Not one I necessarily would have anticipated either. The biggest question seems to come down to their security as well, given that there have been exposed flaws in the design of biometric hardware that tries to generalize its compatibility.
Microsoft has defined SDCP as a strong standard for TPM/Windows, but there isn’t an equivalent for Linux. Match-on-chip sensors have made things a bit easier, but there isn’t a standard way to communicate the validated authentication to the OS, usually relying on TLS.
It’s always amazed me that fingerprint sensors aren’t all match-on-chip. For the longest time I assumed that the fingerprint reader held a key for unlocking the device that is only returned with the correct fingerprint. How else do you implement them securely?
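As an added illustration (not from anyone in this thread, and not the SDCP protocol itself), the sketch below shows the minimum a host needs from a match-on-chip sensor before trusting its verdict: templates stay inside the sensor, and each MATCH/NOMATCH answer is bound to a fresh host nonce with a key assumed to have been shared at pairing, so a reply can be neither forged by a look-alike device nor replayed.

```python
import hashlib
import hmac
import secrets

# Constructed illustration (not SDCP itself): a match-on-chip sensor that
# returns its verdict bound to a host-supplied nonce under a key shared at
# pairing. Templates never leave the sensor; the host only learns an
# authenticated MATCH/NOMATCH for the nonce it issued.


class MatchOnChipSensor:
    def __init__(self, pairing_key: bytes) -> None:
        self._key = pairing_key
        self._templates: list[bytes] = []  # enrolled templates stay on the chip

    def enroll(self, template: bytes) -> None:
        self._templates.append(template)

    def authenticate(self, nonce: bytes, presented: bytes) -> tuple[bytes, bytes]:
        matched = any(hmac.compare_digest(t, presented) for t in self._templates)
        verdict = b"MATCH" if matched else b"NOMATCH"
        tag = hmac.new(self._key, nonce + verdict, hashlib.sha256).digest()
        return verdict, tag


class Host:
    def __init__(self, pairing_key: bytes) -> None:
        self._key = pairing_key
        self._outstanding: set[bytes] = set()  # nonces issued, not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def accept(self, nonce: bytes, verdict: bytes, tag: bytes) -> bool:
        # Reject unknown or already-consumed nonces (replay), then check the tag
        # before even looking at the verdict.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)
        expected = hmac.new(self._key, nonce + verdict, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected) and verdict == b"MATCH"


def unlock(host: Host, sensor: MatchOnChipSensor, presented: bytes) -> bool:
    """One unlock attempt: challenge, sensor-side match, authenticated verdict."""
    nonce = host.challenge()
    verdict, tag = sensor.authenticate(nonce, presented)
    return host.accept(nonce, verdict, tag)
```

A sensor that only returns an unauthenticated "match" byte over the bus fails every check this host performs, which is the gap the thread is pointing at.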
This only really works for people who have hardware whose fingerprint readers are supported by upstream fprintd; would be interesting if they (or another distro; haven’t seen anybody implement this yet) add a “just works” option for installing and setting up e.g. libfprint-tod-vfs0090 or python-validity (which I use on two of my machines actually), similar to how some distros (Mint included I believe, but haven’t dealt with it in a while) give you an option for installing Nvidia proprietary drivers (or just make it work out of the box). However these drivers are extremely sketch at times so… I guess there’s some good out of it not being preconfigured for people (because you have to look into it yourself and realize just how terrifying they are, both security and stability wise, python-validity especially)… (though now I’m on NixOS where I have it pretty much “just work” through not that much effort, at least not as much as on Arch, and definitely not as much as on Mint which was painful because PPA fuckery)
Ah, there it is. My reader isn’t supported by fprintd so I guess I wouldn’t benefit from this change. I’m glad I saw this before I decided to give Mint another go.