Every type of biometric authentication will have a false acceptance rate, which is the likelihood that the system will incorrectly accept an access attempt by an unauthorized user. Of course, when combining biometrics with other authentication factors (e.g. passwords, or a security device), the chances of someone gaining access are significantly reduced.
However, when dealing with highly sensitive information (e.g. for access to banking, systems requiring PCI compliance, HIPAA compliance, etc.), where even a single breach could imply a large risk, what would an acceptable false acceptance rate for biometric authentication be when combined with another authentication factor?
For example, if the FAR is 1%, and I combine that form of authentication with password authentication, would that be acceptable in this case? What about 0.1%? 0.001? I realize that this is relatively subjective, but I have no idea what a good range would be, so any actual data, studies or use cases would be appreciated, if possible.