are a replacement for usernames, they are more secure user IDs, they are not a replacement for passwords.

Biometrics at best signify my passive presence which should never result in any actions which requires active consent (unlock, pay, etc).

I want my phone to unlock on my biometrics + password and lock when it doesn't ID me for 30s, and instantly the moment someone-not-me is holding my phone.

"What I cannot create, I do not understand"
— Richard Feynman

