When using this general approach we need to address the following
issues:
Reliability of method. False negatives cause inconvenience to
users (you might not be able to log in if your voice is sufficiently
different due to a cold). False positives decrease the security of the
system.
Cost and availability of suitable input device. All of the above
examples require specialized hardware, which is often expensive.
Unwillingness of people to interact with such input devices. Most
people don't like anything shining light into their eyes for a retinal
scan, for example.
Spoofing. Regardless of how fancy the reader is, in the end it
generates a bit string that is used by the CPU for authentication. If
an attacker is able to intercept and replay this bit string, then the
security of the system will be compromised. This implies that need for close
proximity and physical security between the device and the CPU. This
is big drawback of this method, as it does not work well over the
network.