Comment 5 for bug 255799

I am not personally a fan of fingerprint readers on their own because often they can be subverted (see Dustin's comment) and because I generally don't like amputation-ware (I like all my parts where they are now, thanks). That said, someone else may have a really good reader and want to use it, and I'd have to agree with Roger that just because I, Dustin and other security professionals don't find them useful for passwords, that doesn't mean they shouldn't be supported, if those interested want to put in the work.

Combining a fingerprint reader with other authentication mechanisms can make things more secure. Eg, the fingerprint (something that uniquely identifies you), with a password (something you know) and a smart card/usbkey (something you have) would offer quite strong protection (not to mention rather severe usability issues). In this scenario an attacker needs to obtain three different tokens, which is likely more difficult than two and certainly more than just one.