
  > Haven't you heard of the three factors of authentication?
  >
  > Something they steal, something they chop off, and something they
  > beat out of you...
I have, but 3-factor authentication doesn't prevent duress. If someone puts a gun to your head and tells you to enter your password + SecureID + retinal scan, what are you going to do?

  > The irony is that millions of years of evolution has given us humans
  > so much built-in natural hardware for authentication that we're now
  > doomed to underestimate the inherent complexity and subtlety of the
  > problem.
That was sort of my point. The problem is so complex that there is no silver bullet solution. The only thing that we can do is incrementally improve our solutions. Using a hash of a retinal scan as a passphrase in order to make public key cryptography more mainstream could be a good thing compared to what we have now. It wouldn't be perfect, but questions like "do you trust the hardware" are not unique to this solution. You could pose the same question about using a keyboard to enter a password.


  > If someone puts a gun to your head and tells you to enter your password
  > + SecureID + retinal scan, what are you going to do?

Wish I'd never agreed to the biometric factor.

  > That was sort of my point.

Look dude, I may agree with you, but don't expect me to defend to the death your right to say it. Well, maybe this time, but just this once, OK? :-)

  > The problem is so complex that there is no silver bullet solution. The
  > only thing that we can do is incrementally improve our solutions.

An important thing to recognize here is that there are often multiple stakeholders involved, sometimes with competing interests. E.g., your bank, your employer, or your email provider's website... and you. There's not always agreement on what constitutes improvement. An employer may love the biometrics idea, but as you point out, it could easily make its employees targets of physical violence.

Typically the party that chooses the authentication scheme is the one that writes the check for it. This is not always the party with the most to lose and is almost never the actual user being authenticated.

  > Using a hash of a retinal scan as a passphrase in order to make public
  > key cryptography more mainstream could be a good thing compared to what
  > we have now.

I disagree, but you haven't described anything concrete enough for us to discuss.

  > It wouldn't be perfect, but questions like "do you trust the hardware"
  > are not unique to this solution. You could pose the same question about
  > using a keyboard to enter a password.

Right. People get their keystrokes captured all the time, so unless your solution addresses the common issues too it's not worth going inside the eyeball for it. At least passwords are easy to change.

It seems that widely adopted authentication systems can never guarantee a strongly trusted endpoint. It always comes down to trying to lock secrets in some box which is then distributed as widely as possible. This idea has failed every time it's been tried.
