Also remember that the vast majority of smartphone users have such a strong preference for 'convenience' it's almost off the charts.
I'm actually (for once) more or less entirely positive about Touch ID and Face ID for 99.9% of phone users for this simple reason. I mean, the internet is full of comment threads like this about how Touch ID can be 'defeated' using complex schemes involving gummy bears or whatever and Face ID can maybe be defeated by, well, we don't know yet, but very likely something at least equally complex (given that Apple really does seem to have done some pretty solid work on making it resist the old 'use a photo' gag, etc.)
This is all fine and dandy and very nerdy, but rather heroically missing the point. How hard was it to break into most people's phones *before* Touch ID? It was about as hard as 'pick up phone, swipe screen', because most people *just didn't bother locking their phones*. They don't want to bother typing a passphrase or swiping a pattern; it's effort they're just not willing to expend.
Even people who *did* lock their phones generally used a hilariously weak password or pattern and never, ever changed it. Getting into one of those is about as hard as 'try 1234' or 'shoulder surf for a few minutes until you see them enter the pattern, *then* steal the phone'.
It's not like the competition for Touch ID / Face ID is 'a world of people who lock their phones with strong passwords and change them regularly'. It's 'a world of people who don't lock their phones or use 1234 as the password'. Given this, all the arguing about Mission Impossible-style scenarios is a bit ludicrous. Touch ID vastly improved *practical* security in the real world by making it much more convenient to have at least *some* security, to the point where lots of people use it who never locked their phones before. That's a *good* thing.
It does seem to be the case that Face ID isn't *really* better than Touch ID in any particularly identifiable way, but Apple chose to go with it because of the 'can't put a fingerprint sensor on the front' problem, and that's a decision you can reasonably question. But I don't really have a lot of time for 'well, some security researchers managed to compromise it with an awful lot of effort and time so it must be a terrible idea' dick-waving.