More important is the trade-off between false acceptance and false rejection
Hacking by photos, masks and brothers are minor issues. Even if perfected to be fake-proof, biometrics will remain insecure due to inherent trade-off between False Acceptance and False Rejection.
Two entrances placed in parallel in case false rejection provide nice convenience to criminals. This is what we witness in so many biometrics products in cyberspace