This is why a biometrics-only approach can lead to weak security. When working with several vendors at one of my jobs I ran into this frequently - we leave our fingerprints wherever we go, and copying a fingerprint was trivial work even last century. You need a combination of password, biometric(s), two-step authentication and more if you really want to be secure (e.g. fingerprint, spoken password with voiceprint authentication, and machine and login ID certificates from the device would be a good approach). This is even more true if your ultimate goal is “single sign on” for efficiency’s sake.
At a conference in Hamburg, Germany this weekend, biometrics researcher Jan Krissler demonstrated how he spoofed a politician’s fingerprint using photos taken by a “standard photo camera.”
Krissler speculated that politicians might even want to “wear gloves when talking in public.”
The Chaos Computer Club, which put on the conference, and Krissler, who goes by Starbug, have demonstrated their ability to breach fingerprint sensors in the past. Shortly after the first Touch ID-equipped iPhone came out, the Chaos Computer Club was the first group to demonstrate that it is possible to beat Touch ID by creating a fake latex finger from a fingerprint left on glass or a smartphone screen.