Why is there no recovery path when a breach leaks my biometrics?
Opportunity
When a password database leaks, every affected user resets their password and the breach is contained. There is no equivalent reset for biometrics. A leaked fingerprint template or face encoding can be replayed against any future system that accepts that modality, for life. Cancelable biometrics and template protection exist as academic research and a handful of niche enterprise products, but no identity system operating at consumer scale has deployed them. The NYC Health + Hospitals incident in early 2026 left 1.8 million people with permanently compromised fingerprint and palm records and no operational recovery path.
Why it matters
Identity systems built on irrevocable secrets are a single incident away from permanent compromise for every enrolled user.
How I score the opportunity
The Opportunity Score is my own read, not a measurement: how much it hurts, how often it bites, and how little exists to solve it today. Higher means I think it is more worth building.
How much pain it causes when it shows up.
How often people actually run into it.
How little good tooling exists for it today.
More problems worth solving
Why is the software we depend on most the worst to use?
TechWhy do I still own none of the data I generate?
TechWhy can I not get a receipt proving my data was actually deleted?
TechWhy can I not know if what is running matches what my SBOM declared?
TechWhy does every C2PA provenance chain break the moment content hits social media?
TechWhy does critical open source software still depend on one exhausted maintainer?