You leave your password everywhere, unless you are like Michael Jackson, and wear gloves all the time.
As soon as someone finds a way of lifting your fingerprints off the glass you drank your last pint from, and sorts out a method for creating a facsimile/feeding the correct hash from that into an authentication system, it will be busted wide open. And if there is a single hashing method, that will not take very long. Sounds soooooo secure to me!
If you are going to use biometrics, use something that is not generally available! But as soon as you do, the data from that biometric will leak (your iris or retina data is only safe now because you have never had a reason to have it scanned. As soon as you do, it will become generally available).
I'm also a little unhappy about putting my eye up to an optical device in a public place, because it would be possible for such a device to be hacked (like bank ATMs are now for card skimming) to do irreparable damage to my eyes (scenario, use a pulsed solid state laser to burn some small random patch of the eye. No immediate symptoms, so device may not be spotted immediately, but repeated use would degrade sight).
So, possession of a physical token, plus a changeable secret, with additional further authentication to resolve conflicts, which may include biometrics used at some trusted local identity broker (physical presence required) would be my preferred solution.