How can we eliminate passwords given the problems with biometric authentication?

First of all, let's keep in mind that vendors of biometric solutions have a vested interest in badmouthing passwords to promote their own products and services. There is money at stake. They have something to sell to you, but that doesn't mean you will be better off after purchasing their stuff. So one should not take those claims from vendors at face value.

Moreover, and perhaps I have a fundamental misunderstanding of how biometric data is stored, but what if this information is breached? Changing a password may be tedious and expensive, but at least it can be changed. I'm uncertain how biometric authentication address this problem--as I cannot change my face, iris, fingerprint, and etc.--or if it needs to address this problem at all.

This is precisely the biggest problem with biometric. The compromised 'tokens' cannot be revoked. Breaches have already happened on a large scale. A devastating occurrence that will have consequences for many years to come is the OPM data breach.

Faces cannot be protected. They literally are public knowledge. Lots of people have their face on the Internet nowadays. Fingerprints can be seized off a glass. These are not secrets.

On top of that the collection of biometric data is a formidable enabler for the mass surveillance of individuals. Even the most democratic governments cannot be trusted. Technology also changes the nature of government and social interactions - not always in a good way.

We have to consider the trade-offs: what do you have to gain vs what could you possibly lose. Is the convenience worth the risk ? Not everyone is convinced.

So it is not just a technical issue but a societal issue that has enormous implications. Hint: China is the benchmark.

The false or negative positives rate is also a problem. Some people cannot be enrolled because of their physical characteristics. A password is unambiguous. You either know it or you don't. Biometrics = calculation of probability.

Relying on biometrics alone is not wise for critical applications. Hence the emergence of multi-factor authentication.

As an example 3-factor authentication would be:

  • something you have: for example a smart card
  • something you are: this is where biometrics comes into play
  • something you know: for example a password

It would be objective to say that biometrics are gaining momentum in some markets/applications, without eliminating passwords altogether. It does not have to be a zero-sum game.

but at least it can be changed

They change frequently - depending on how much you've eaten/drunk. Ambient lighting has a big impact. Age. Variations in the devices performing the measurement. Biometrics work by the measured attributes being sufficiently close to some baseline record to be considered a match by the software. "Close enough" doesn't work for encryption keys - only for authentication. Its an even worse problem for 2FA tokens - that just proves you own a secret with sharing the secret. The secret needs to be available in plain text at both ends of the authentication process.

Passwords have problems. 2FA tokens have problems. Biometrics have problems. Short of DNA sequencing (not viable) the most viable approach to strong security is to combine different methods.

I don't quite get where the idea of changing a password being expensive comes from, having worked in/on password storage and website logins changing a password isn't very expensive, not more so than opening a new web tab, and receiving an email.

PIN's are essentially weaker passwords (at least as my definition of what a "PIN" is).

Biometrics have one problem; if they get breached you can't really willingly quickly change them. Furthermore as soon as someone has access to you (like when you are arrested) they can take your biometrics and get access to all your accounts.

Decreasing dependency. Many companies are decreasing dependency on passwords and have started using two factor authentication. This comes in many forms but may be anything from having to confirm changes with an email link, entering a code sent to you by text, or having a special app that you have to use to confirm your decision. Two factor authentication is not perfect and has several flaws, and is annoying and tedious, but is also rather effective.

Biometrics storage. This is the sketchy part. whereas passwords can be stored in super secure ways biometrics can't really, as you need to compare a profile with the input, which means that that profile can be stolen. Biometrics are also rather vulnerable as they are constantly visible on you. (finger prints, iris, DNA, speech, facial recognition) This makes it easy to steal/copy them, which is a lot more difficult with passwords, if they are managed properly.

To sum it up passwords are pretty good, if used properly (which most people don't) and can be greatly improved using two factor authentication (or more factors as @Anonymous pointed out).