Biometric auth is, among other things:
1. Fingerprints
2. Iris scans
3. Facial recognition
Deepfakes obviously cannot replicate fingerprints. The irises in deepfakes are also too small to be detected by a camera (and even then, it can trivially detect its presence on an electronic screen, thereby defeating those attempts to break in. Same with facial recognition).
The only thing deepfakes are, are a nuisance to politicians and public figures.
The person's eyes can be removed for the purpose.
The person's face can be used with force.
If it is just password or pin, it is from the mind and no one may know it expect the person, unlike biometry that makes it easier to steal something from someone.
Do not forget that someone's fingerprint can be gotten too. Also if you are sleeping, I may become your enemy and use your finger to unlock your phone and your wallet and steal from you and I will be able to and become your friend again, not knowing of the evil work that I have done until you see it, but you never known who did it.
You are right with what you said but biometrics are not recommended in security than password or pin.