On the other hand, it's much harder to crack a hashed thumprint image.
[edit]
evan_ is right, you don't hash scan images. The question is, how much usable bits of entropy you can extract from a thumbprint scan? Anyway, I retract my main point.
Definitely. A 256 x 256 pixel grayscale image (8 bits per pixel) is half a million bits of entropy... try cracking that on your botnet!
Although the real entropy of thumbprint images is likely to be much smaller, considering that they share many simliar pixels... but it's still unimaginably huge compared to a short alphanumeric password.
Draw a picture on a piece of paper. Sign it, write your name, arbitrary words, whatever. Hold it up to a camera.
Could something like this be made to work? Work in the sense that a variety of cameras could read the same "password"? I guess QR codes have a fair bit of redundancy built-in...
[edit]
evan_ is right, you don't hash scan images. The question is, how much usable bits of entropy you can extract from a thumbprint scan? Anyway, I retract my main point.