>aren't PINs weaker security-wise than biometric logins?
Depends on how you look at it. I'll focus on fingerprint here.
Sure, there are far more possible fingerprint features that can be identified for the accept/decline decision "Does this match a registered fingerprint" than 10,000 PIN combinations (4 digits).
But if the fingerprint reader is too lax in matching, it's possibly worse.
If you can crash the fingerprint reader system, which then accepts all future patterns, that's worse.
If you can trick the system into revealing all the biometric data it's collected, and then replay it directly without using the sensor using their debugging interface, that's worse.
That's not to say defaulting to PINs is or isn't the "least bad" option. Just that it's more complicated than the question makes it look.
There are other issues around your question in general that aren't particularly relevant in context:
You can't reasonably change or revoke your PIN.
Your device is likely covered in your fingerprints.