We can quantitate the risks of cracking conventional passwords. AI-based systems using biometrics are known to be brittle, and to have exploitable blind spots. Can we trust them in security systems?