They are considered to be more like keys to a safe than private knowledge. They also can't be changed if compromised. A sufficiently unguessable PIN or passphrase is better than biometrics.