On the yubikey analogy, you forget one important detail: you leave copies of your fingerprints (good enough to unlock your phone) on everything that you touch, everywhere you go - doors, door handles, cutlery, cups and bottles, furniture, stationery, push-buttons and so on. That's not the case with a yubikey, which is by design protected against cloning, unintentional as well as deliberate.

Also, fingerprints can be covertly photographed using a fairly basic camera, while the yubikey content, once again, is locked inside a secure chip inside the device.

So, if your friend uses a fingerprint only, you can take a few photos of the friend's fingers, or just take him to lunch.

You don't need to take my word for any of this - just give it an honest try. During a normal weekday, monitor the times you have left a fingerprint in a place where it can be easily retrieved by a stalker. You'll be surprised.

And I hope you were joking about the small cut :) Wouldn't suggest you give THAT an honest try.

You leave copies of your fingerprint everywhere, and you can't change it - IMO, if fingerprint was a password, it would be the worst password ever, worse even than 123456. Really the computer equivalent of hitting Enter at the password prompt.

But fingerprints are user IDs, not passwords - so the security-conscious approach would be fingerprint+password; and if screen dirt residue is a concern, use a scrambled keypad. Or just wipe the screen on your shirt :)