You shouldn't model it as incredible hard to fake. It isn't. It's harder that typing a password you've stolen into a web site, but if you set out to do it, it's not that much harder.

This is the primary reason I'm against biometrics used for identity. Yeah, the privacy invasion is a problem, but I think that's completely dominated by the fact that if everyone uses it, it will be leaked, and once leaked, can indeed be quite practically faked. If used as a password, it's a password you can never change. That is useless.

The difficulty of overcoming a security measure should be greater in cost than the thing it is valuing. The cost of, for instance, replicating a fingerprint given a photo of it, is basically a home hobbyist project for the weekend. Check out Youtube for many people who have done exactly that and give instructions how. When the cost of bypass is "home hobbyist project on a weekend", the value of what it should be expected to protect is correspondingly low.

(In fact I don't even use it on my cell phone, with all its access to bank accounts and amazon accounts and other ways to spend my real money. The idea of a password to all that stuff that I leave arbitrary copies of sitting right on my screen is completely absurd. Everything important is locked behind codes and passwords. It's less convenient than fingerprints but at least those offer actual security.)

You also have to bear in mind the costs of the biometrics gathering. If you have a physical guard watching someone do a retinal scan and verifying that they have put their real eye up to it, you're at least on track to something that takes a lot of resources to overcome, especially if it's in combination with other techniques of identification. If you don't have that, now we're back to "how cheaply can we replicate whatever passes for a retina with this scanner" and that's likely to be cheaper than most people think. Real-world biometrics are in places where attackers can perform arbitrary attacks with impunity.