Except, of course, for the fact that it's a great marketing tool, for the convenience of their customers who can authenticate merely by speaking into their cell phones.
The best approach to IT security involves a three-part approach:
- key card - required for access, very easily invalidated by either the individual or management, thereby preventing access
- biometric - provides evidence the individual was actually present. Fingerprints are cheap, but easily forged. Retinal scans are expensive, but difficult to forge.
- PIN - provides evidence the individual consented or didn't consent; two pins, both of which work, but one of which flags the system, announcing to security you are under duress
*Amazingly enough,* this is precisely what's used by the federal government, via the CAC (common access card), albeit with fingerprints for issue/reissue, not authentication. For increased security, the system can be augmented with retinal scans, RFID, or other means. The system locks upon just one of several events.