What do you say to those that say that dual- or multi-factor authentication is still necessary?
For the same reason the guy who succeeded in your link does. . . it is very complex to get a fake fingerprint that has sufficient underlying detail to work. . . and it still has to be on a living finger. It WILL NOT WORK with just a photo. He states it is a very complex procedure for it to work. . . he says:
The attack requires skill, patience, and a really good copy of someone’s fingerprint — any old smudge won’t work. Furthermore, the process to turn that print into a useable copy is sufficiently complex that it’s highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual.
Why I hacked TouchID (again) and still think it’s awesome
I posted about this hack back when it came out. . . and it was completely discussed on the forums. The amount of equipment necessary to get a good fake fingerprint, essentially requiring using a superglue vapor transfer technique to lift a fingerprint that will get the underlying ridge detail, makes this a non-starter hacking method. The equipment to do that costs in the multiple thousands of dollars.
Being able to steal someone's phone and then access their TouchID is NOT going to happen by using an easy to acquire fingerprint copy.