Someone who knows your password and has access to your computer account can read your e-mail, send e-mail under your name, and impersonate you in other ways on the Internet.
New systems of "passwords" are developed to deal with these problems. In one approach the user chooses a list of questions and answers for which only he/she knows the answers. In order to log in, the user has to answer several of these questions chosen at random.
Another system is based on physical devices which generate a password according to some algorithm and frequently change it. In order to log in, the user must type in the current password generated by the device.
However, all of these systems are based on some knowledge, and someone who has this knowledge may impersonate the legitimate account user.
Recent uses of fingerprints include use of fingerprints in cell telephones. The main challenge in such a system is to create a small and reliable fingerprint reader.
Researches at Michigan State University have proposed a peripheral computer device for measuring hand geometry to give access to certain web pages.
However, if applied incorrectly, voice print is vulnerable to playing a recording of someone's voice during the identification process. To avoid this, one can ask the user to read a specific (randomly chosen) phrase which is not known in advance.
Web site of John Daugman, one of the top researches of iris recognition, has a lot of information on iris recognition and some really fascinating iris pictures. The main reason iris recognition is so promising is because bits of so-called "iris code" are uniformly distributed among people (i.e. each has an equal probability to be 0 or 1). The system has about 250 degrees of freedom, i.e. characteristics, each of which is independent from every other one. It is also interesting that even identical twins do not have the same (or even close) iris pattern.
Iris recognition is extremely reliable: according to the statistics on John Daugman's web site, several million tests have not produced any false matches.
Another problem is the need for centralized databases for biometrics data. Many people consider storing such data to be a violation of their privacy. Unlike passwords which can be changed, a biometric identifies a person for life. Many people are not comfortable with the idea of storing such information.
Storing biometrics in a database also raises the issue of protecting such a database both from theft of the data and from altering it. Both kinds of security violations would be disastrous if the biometric is widely used to identify people.
However, it may not be necessary to store this information in a database. An alternative is to store it on a smart card and to sign the information with a digital signature. The signature guarantees that the card has been issued by a reliable authority. It also makes it impossible to change the biometric data on the card. The biometric of the person can be compared to the one on the card locally, i.e. without sending a request to a centralized database. This way the information is not exposed to eavesdropper in transition.
Using biometrics with smart cards for identification seems to be a very promising direction of future research.