It's not "just" a username, in a way that I can type arbitrary username easily, but spoofing biometrics is somewhat harder, at least in a controlled environment. And that's the only reason why it's used - it is essentially a replacement for situations such an agent quickly checking a photo ID (low-effort high-volume quick-and-dirty weak authentication).
Not that I'm fond of this, just saying that it's not exactly just an username.
There is no culture of using secrets for authentication in any public setting. It all had always relied on biometrics, since times immemorial (people knowing how one looks like, then scaled up with printed documents, now scaled up again with machine-assisted recognition). Essentially, with some exceptions like high-security facilities, people had always relied on their public identities (self-asserted or asserted by a trusted third party, depending on the requirements) to get access.
Not that I'm fond of this, just saying that it's not exactly just an username.
There is no culture of using secrets for authentication in any public setting. It all had always relied on biometrics, since times immemorial (people knowing how one looks like, then scaled up with printed documents, now scaled up again with machine-assisted recognition). Essentially, with some exceptions like high-security facilities, people had always relied on their public identities (self-asserted or asserted by a trusted third party, depending on the requirements) to get access.