I think this is the key point. If fingerprints were like public-key authentication mechanisms, they'd be fantastic. If it was mathematically impossible or even just very difficult to fake them just by intercepting previous authentications, that would be incredibly useful.
That's not the case though.
They're easily reproduced in moments using putty[0] or play-doh[1]. Or duplicated using household materials, even from a fingerprint collected from the targeted iOS device itself.[2] Some teams have found difficulty using some of these methods against a MS fingerprint scanner, but still found success using a toy wax kit from Crayola.[3]
But the general point about revocation is this: you should imagine, whenever designing a security system, "what's my fallback when this fails?" Biometrics can fail for lots of reasons, not only due to adversaries.[4] You need to have some idea of how to recover from those failures beyond just insisting that those failures don't happen or are unlikely.
Revocation is a handy fallback in those situations for a lot of systems. It's so common that people probably wrongfully assume it's the only way to recover. Fingerprints can't offer revocation, but they may have other fallbacks. Maybe you have a guard checking photo IDs if a scanner doesn't work for entry to a facility.
Scanners for devices might need to simply fail to require usernames and passwords for some users after they've been compromised. That could still offer convenience for other users, but over time, fewer and fewer users would get that benefit.
Or maybe fingerprints are just not designed to be that secure, and maybe that's ok. Anyone can get through the standard household locks in seconds with about 30 minutes max of research on youtube. They're not perfect security and not intended to be, they just put a small barrier (mostly social) to prevent the most nuisance level entries.[5]
[4] See Yager and Dunstone on the Biometric Menagerie for an interesting classification system for the wide variety of failure cases you have to tune any biometric system against.
[5] If you want more about this philosophy / interpretation of locks and security, or even if you don't, there are fewer better ways to spend an hour than by listening to the brilliant Schuyler Towne at RVAsec on the history and social function of locks and lock-making. No seriously, it's amazing. https://www.youtube.com/watch?v=3nROJz_UNQY
EDIT: moderated my views in the last two paras, sorry for any whiplash.
So there are two things I would like to address. First, fingerprints do not need to be cryptographically secure to be sufficient for a great many purposes. As you noted, a house lock can be picked in seconds by someone with moderate skill and yet they are sufficient for physical security on most cases.
Second, and more important, we need to stop pretending that passwords actually work well when we have these sorts of conversations. The reality is that most people reuse the same passwords everywhere and when they are forced to use secure/unique passwords they cope by doing things like writing them down on sticky notes attached to their monitors. The reality is that most people are probably using a compromised password for their bank access because they used the same password on a dozen sites that have been compromised. When we compare fingerprint security to passwords, we need to stop comparing it to the mythical unique passphrase because essentially no one is using that.
I'll also point out that copying someone's fingerprint when they cooperate by taking a clay mold is quite different from lifting a fingerprint off, e.g., a glass. But nonetheless, I do not dispute that it is quite feasible to clone fingerprints.
I think this is the key point. If fingerprints were like public-key authentication mechanisms, they'd be fantastic. If it was mathematically impossible or even just very difficult to fake them just by intercepting previous authentications, that would be incredibly useful.
That's not the case though.
They're easily reproduced in moments using putty[0] or play-doh[1]. Or duplicated using household materials, even from a fingerprint collected from the targeted iOS device itself.[2] Some teams have found difficulty using some of these methods against a MS fingerprint scanner, but still found success using a toy wax kit from Crayola.[3]
But the general point about revocation is this: you should imagine, whenever designing a security system, "what's my fallback when this fails?" Biometrics can fail for lots of reasons, not only due to adversaries.[4] You need to have some idea of how to recover from those failures beyond just insisting that those failures don't happen or are unlikely.
Revocation is a handy fallback in those situations for a lot of systems. It's so common that people probably wrongfully assume it's the only way to recover. Fingerprints can't offer revocation, but they may have other fallbacks. Maybe you have a guard checking photo IDs if a scanner doesn't work for entry to a facility.
Scanners for devices might need to simply fail to require usernames and passwords for some users after they've been compromised. That could still offer convenience for other users, but over time, fewer and fewer users would get that benefit.
Or maybe fingerprints are just not designed to be that secure, and maybe that's ok. Anyone can get through the standard household locks in seconds with about 30 minutes max of research on youtube. They're not perfect security and not intended to be, they just put a small barrier (mostly social) to prevent the most nuisance level entries.[5]
[0] http://www.puttyworld.com/thinputdeffi.html
[1] https://secure.marketwatch.com/story/this-company-hacked-an-...
[2] http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren.en
[3] http://www2.washjeff.edu/users/ahollandminkley/Biometric/ind...
[4] See Yager and Dunstone on the Biometric Menagerie for an interesting classification system for the wide variety of failure cases you have to tune any biometric system against.
[5] If you want more about this philosophy / interpretation of locks and security, or even if you don't, there are fewer better ways to spend an hour than by listening to the brilliant Schuyler Towne at RVAsec on the history and social function of locks and lock-making. No seriously, it's amazing. https://www.youtube.com/watch?v=3nROJz_UNQY
EDIT: moderated my views in the last two paras, sorry for any whiplash.