I read somewhere that a fingerprint couldn't replace a password, as they are different auth methods, and the fingerprint can't really replace the password. Does anybody know why? I searched the article but haven't been able to find it.
My guess is it's referring to the "something you have", "something you are" and "something you know" [1]
Current two-factor authentication on the web combines something you know (password) with something you have (mobile phone with an app that generates tokens).
The parent is suggesting this could change to something you know (password) and something you are (fingerprint). It could easily be extended to include something you have by combining the fingerprint with a token generator on your iPhone.
