Talk:Guide to Authentication
"When used in a single factor authentication method (for example, just a thumbprint with no username or password), biometrics are the weakest form of authentication available and are unsuitable for even moderate risk applications." Biometrics is still a better single factor auth method than having a username/password based one which doesnt enforce password complexity or account lockout.
So I am removing that sentence. There are much worse implementations of single factor authentication.
I don't know if this is strictly true: " * Password change**
* Password resets**
(**Low value systems only - Most medium and all high value systems should not be using passwords, and thus do not possess password reset capabilities) "
Perhaps it should read "Most medium and all high value systems should use more than one factor of authentication and should not rely exclusively on passwords."