Samsung has spent millions on making its phones more secure, and on making sure customers know about it. You’d think all that money would be enough to fend off the threat of a $2 silicone case. Apparently not.

If there’s ever an appropriate time to call a gigantic tech conglomerate “red faced,” it’s probably now. In a terse statement released yesterday, Samsung acknowledged some clear cases and screen protectors can be used to bypass the fingerprint sensors on the Galaxy S10, Galaxy 10 Plus, Galaxy S10 5G, Galaxy Note 10, and Galaxy Note 10 Plus.

You don’t need a 3D printer, super-high-res camera, latex molds, or any cloak-and-dagger nonsense. A dirt-cheap phone case is all you need to unlock someone’s Samsung flagship.

It’s hard to excuse this massive breach of trust, and it’s even harder to understand why Samsung has so far failed to apologize to customers. Yet, this embarrassing mishap isn’t that surprising in the scheme of things.

The truth is, fingerprints and other biometric authentication methods are flawed. You shouldn’t rely on them if you actually care about mobile security. PINs and passwords are much more secure — if less convenient — methods of authentication.

There are several reasons why an old-fashioned password is preferable to fingerprint readers, facial scanners, or retina/iris scanners.

For one, it’s easier to force someone to unlock their device with their fingerprint or face than it typically is to force them to reveal a password or PIN. It’s much easier to trick people into unlocking their device too — sometimes all it takes is to place the device in front of them while they’re sleeping (just ask Google Pixel 4 reviewers).