and that has to deal with the security of the transmission itself. There are many facets of security between the end user and the system, going through the authentication process to the application and data transmission and then how bullet proof is the server itself. The authentication/authorization portion is just one part of security.
That is is. Say, do you consider authentication on the user side the weakest link, currently? I may not have the expertise, but I'll say I don't. Biometrics is effectively a login that can't be physically stolen, falsified or forgotten and is easier to use. However, how does one solve the problem that it is invariable? As soon as we introduce other, changing identifiers to safeguard against the possibility of login data being compromised, we're back to glorified usernames and passwords. If I'm being remotely correct on that, I propose we turn attention to other, more problematic parts - bulletproofing protocols, abolishing legacy protocols, mandating much more careful code and hardware audits and, in the recent light, preventing unsanctioned wiretapping.