actually, it CAN be done well
Are biometrics and facial recognition perfect? Of course not. No security solution is. With enough time and access to your PC, any and all security can be bypassed eventually.
What bothers me about this article is the implication that facial recognition in general doesn't work. As with all security solutions - or even all software in general - it's not the technology concept itself that counts, but the specific IMPLEMENTATION of that concept that matters. Just because Notepad is a terrible word processor doesn't mean that they all are.
I've actually worked as a vendor of facial recognition security software for PCs for several years now (Sensible Vision). We've successfully protected PCs in security critical organizations such as hospitals and banks - even a maximum security prison - for years. Our consumer platform on Dell computers (not examined in this study) is both easy to use and has very real security benefits (including automatic locking of the desktop when the user is NOT there....typically a much bigger threat in most environments than a sophisticated, time consuming "replay attack" ).
Bottom line - despite the implications of the article, by minimizing weaknesses, publicizing those that remain and then providing tools to address them, convenient and secure facial recognition for PCs can actually be done and done well.