I am guessing that someone will figure out a way to get retinal data via red-eye flashes and
200-megapixel cameras.
In the end, "Something a person is" is probably the easiest factor of authentication to
spoof... and should only be used as a 'factor' with multiple authentications... and other
factors involved to be useful.