They are already using facial recognition, fingerprints, and voice recognition as methods to unlock smart phones. It would not be hard to use this tech to created a unique one off hashed encrypted token that could be shared only with the important sites like banking and medical portals. But I would not want it connected to my real person for any other accounts anywhere else. So I would have to have two, one used as an anonymous token. But if someone stole your phone...
My first thought is of a biometric refresh algorithm, such as facial recognition that required differences among successive images, thus indicating that they were taken live.