Actually, all three factors are things you know: Your password is something you know. The private key on the security processor is something you know. And your scan of your fingerprint is something you know.

Well, biometrics usually act as a proxy for PIN codes, so the PIN code is something you know, the private key is something you have, and biometrics is authentication.

And yes, nitpicking :)

I'll never understand this. I am not a fingerprint.

You are a human, and humans have permanent fingerprints. The difference between "something you have" and "something you are" is that you can regenerate the former, but not the latter.

That kinda leaves (current) biometrics in a gray zone, as fingerprints and faces can be regenerated.

You literally leave your fingerprint on every surface you touch, and faces can be covertly photographed.

I believe they were referring to the fact that you can't hit a button and generate new fingerprints for yourself. The ones you have are with you forever, generally.

Assuming you don't get a paper cut or something.