Hacker News

What do you think about doing it sort of like how RSA does their 2fa bits?

Say it worked like this:

You typed in your username, scanned your fingerprint for the rest of the username, and then typed a password / passcode?

That makes it virtually impossible to have username collisions (good) and still uses a password. If you were ultra paranoid, you could use a key fob such as a Yubikey and enter an OTP in addition to the above.



That would work, iff there was not a way to show that a particular person owned a particular username. However, I cannot think of any way to prevent that.

...But given the ease of getting someone's fingerprint I'm not sure if this is actually much better than a standard username+password combination (potentially with 2fa) without a fingerprint at this point, and it's less convenient to boot.



