Hacker News

I think that's all irrelevant. Passwords can be compromised and must be changeable - that alone makes fingerprints a bad choice.


A bad choice for what? Your fingerprint can only be used to access a particular device in the case of Touch ID. It is worthless if you don't also have physical access to the device. And it's a lot easier to tell if your device has been compromised because it means that you no longer possess it, in which case you can simply remote wipe it. To reiterate: Possession of your fingerprint alone does not allow someone to access your bank account or log into your webmail.


> Your fingerprint can only be used to access a particular device in the case of Touch ID. It is worthless if you don't also have physical access to the device.

Or any previous device you might have had with Touch ID. Unless you change your fingerprints when you get a new phone.

> And it's a lot easier to tell if your device has been compromised because it means that you no longer possess it, in which case you can simply remote wipe it.

Which can easily be subverted by simply disallowing the phone from connecting to the Internet. A "faraday bag" costs a few bucks. Assuming TouchID doesn't prevent you from logging in without Internet access, of course.


> Or any previous device you might have had with Touch ID. Unless you change your fingerprints when you get a new phone.

Or... You could wipe your old phone when you get a new one.

> Which can easily be subverted by simply disallowing the phone from connecting to the Internet.

Perhaps, but you know what they say: If a (determined) attacker gains physical access to your device, all bets are off. But at least you would know if you lost your device. A password OTOH could be compromised without you knowing.

Also, I am only saying that Touch ID is at least as secure as a username/password authentication scheme. If you want more security (perhaps because your adversary is someone who would go to the lengths of manufacturing a fake finger to fool a Touch ID sensor and also get a Faraday Bag to prevent you from wiping your device), then you should perhaps consider using 2-factor authentication.


> Or any previous device you might have had with Touch ID. Unless you change your fingerprints when you get a new phone.

Any previous unwired device that has not been power cycled and that was unlocked in the past 48 hours.

http://support.apple.com/kb/HT5949


What are they a bad choice for? Everything? You can't think of a single scenario where fingerprints could be useful as a form of authentication?



