That is a really bad thing in my opinion and I’m more than just happy that I don’t need to care (for now). Luckily I can even do online banking without any app (physical TAN generator for 2FA). I know it becomes worse, especially in other countries, but I hope GDPR in EU will be a shield against it, because it rates biometric data as highly protectable data (wording is maybe different) and so I think it is possible to force banks to use other authentication methods inside Europe. But who knows what the future brings.
The systems are highly insecure. Often a simple photo is enough to make the system thinking that is a real or even specific person. There are even people using game characters to create accounts. You can take bad cameras to make it easier to hack the system. What comes next? Maybe you have to film yourself in 180° to make sure that it is not just a photo. Hackers will collect photos from people from the internet, merge them via KI together into a 3D model or something and make a virtual movement on display. And if you do not upload your photos to the internet public, you don’t know what cameras shot a picture around you. Smartphones of strangers, Tesla cars, security cameras, …
There is always a way to hack these systems, but the real danger is for the real users like us.
Here is also the same, as more people using these systems as more valuable they become for bad actors and you never change your face (with very few exceptions), so once your data is in wrong hands, your face never becomes a secure token again. Same with other biometrics as eyes or voices. And even worse, once more companies start to collect such data, it is like using the same password everywhere and after it got stolen, you cannot change it (at least not easily).
I usually agree that we first need a “thread model to choose our needs”, but in case of biometrics I would refuse it, no matter of the specific thread model. If you have no choice as described with bank requirements (especially without alternative banks), well … nobody can blame you for using it. The life becomes hard without a bank account and I probably would also have to “accept” it.