I use biometrics every night...when I go to the gym at 24 Hour Fitness.  They have been using a fingerprint scanner for 4 years now instead of ID cards (makes it great if your riding your bike without a wallet and want to stop in).  You also have to enter your phone number to confirm.  Seems like with the right resolution you could have a fingerprint camera on a smartphone.

In this world, I guess it would be better to steal information rather than cash, since you can extract that, read it, and then act on it maybe without someone knowing.

@Jabalio, you are right. Information is as important as cash and that is the reason companies are investing huge money/effort in building security solution to protect their information.

Biometrics will be my primary hope for now.

@Imran, I agree with you. I am more optimistic about Behavioral biometrics in which identification will be based on the behavior of a person. One of the behavioral patterns which we can implement is typing rhythm which is very unique to each individual.

One of my favorite space opera science fiction series of all time is called "The Lensman Series" by Edward E Smith (EE "Doc" Smith).  In the series, a galactic police force (the Galactic Patrol) needs an identifier that can't be reproduced, that is incontrovertible, and that even kills someone who tries to falsely use it.

One of the lessons that came up in that story is that whatever the physical sciences can invent, the physical sciences, in time, will circumvent.

Bingo.  Doctor Smith (he had a PhD in Physics) got past that by thinking of a sort of "science of the mind" that allowed for a device that could be tied directly into the psyche of the owner that was so incompatible with any other psyche that no one else could even touch or they'd die.  He called it "The Lens."

Unless someone out there has a similar breakthrough on the horizon, I think we may simply need to be more diligent with what we've got, rather than to go find something new that will, eventually, leave us right where we are now.

A. The profile data cannot be replayed like a recording

B. That even if the criminal compromised the data profile at the cloud source - they couldn't replay it either because of the rules of chaos and/or the unlikely event they could match personality traits so the authorized individual. You could say that this would be more like quirks and pecadilloes than a standard personality profile. This would be much different.

For A to be true, a replay of the data would be rejected, because it should be impossible, and therefore worthy of suspicion. 

For B to be true, the data would have to be of a nature that would be impossible to copy, and reproduce in a manner that would match the chaotic nature of an individua's physiology and psychology.

I would think it would take an cloud analysis engine on the order of IBM's WATSON, to figure it all out fast enough to send an authorization; but it seems doable. I have no idea how a pattern could be built to be recognizable, but when you put both the physical aspect and the psychological aspect together, you could get enough complicated factors to make it more impossible than breading the latest encryption algorythm. 

A full psycho profile would be on board, and if any doubt were present a question could be posed that only that individual would answer in any given moment in his/her individual way. Even if the criminals got all the data, they couldn't do anything with it unless they had not only a super-computer, but the hugely complicated algorytm that analyses the personality and physical charachteristics of the one requesting autorization. Questions would be truly random so no pattern could be detected by the crooks. It may take a specially crafted keyboard to put enough measuerment into this scheme, to give the engine the data it needs. Hopefully the existing USB framework we now have to provide the data stream required is sufficient; and also without interupting the kernel level way the present keyboard system works now. This special system could continue to analyse the keyboard as it is being used to constantly check that the authorized person is likely the one still operating the device.

Part of it might also be what needs watching and why.

For example, in a world of e-Cash, suppose someone were to break in and "steal" someone's money say by transferring it to their own account.   Well, great, set up some monitoring emails, and as soon as it happens, call the bank and ask for it back.

At some point it becomes like the ransom problem.   Suppose a fiend kidnaps someone.  At some point they have to connect to the money...and at that point the trail leads the police back to the culprit.

In this world, I guess it would be better to steal information rather than cash, since you can extract that, read it, and then act on it maybe without someone knowing.

I suspect we're going to see multiple approaches to password security, depending on the application, from simple Facebook/Twitter/Google authentication for low-security Webpages, to passwords + hardware dongles + biometrics for the nuclear launch codes. 

Gesture recognition is promising: for example, something that recognizes your unique individual typing cadence. But then what happens when you accidentally smash your finger with a hammer?

Passwords associated with something are easier to remember so it falls on the person how innovative he is to think of something that others cant.

I think the title of your message sums it up, Imran.